formbook | 2296-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2296-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

d600d079b112de0ee71cb46e583b279b
SHA1

1c0a881883fabca004bbf42db2b885fa6005483f
SHA256

844ebbd7d348c43ecce35fd33ba7638b14bc8be808e6beea900a9f3c8394919f
SHA512

7e01788925bdfa1b5876114fadcc285289e325e1295e8a8082b05af5b054e1a3c4752021fd9ae9021deb8008b050212462e8582f1a4a2e668e9049d2f1347e79
SSDEEP

3072:IeUEXsvkwozy3kJJ99PUqcjVkp9piUYZyH7nIo:Pcckk39mqcjVkp9psZyH7nIo

Score

10^/10

rat d16h formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d16h

Decoy

iki-graphy.online

l8z8c.vip

1709.asia

inematography-course-72246.bond

pis3noe2e.sbs

wernv.xyz

ovepepe.xyz

ama-online.world

ookmouse.fun

harkclothingdesigns.xyz

bbvvjuiqew.bond

sed-cars-93620.bond

esgateeganhe.shop

cekmeledak.info

ebulahorizon.buzz

peakers-92991.bond

essislotgoal16.top

hafi.biz

ichunyang.club

lrica.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2296-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2296-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB