formbook | 2908-6-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2908-6-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

1f052999818c1802b676c7565329b63e
SHA1

31ddee6e0a0f9bb8cb30f55ee9b655713492b57a
SHA256

486e66bcd5b9c2a69e198962c781025561b55fa4a8016b96c2d9a2858e6de269
SHA512

212e910a72d175b5fe05247ad207a1ee4300581fb38e7fa20b063f8be419ee41ea69f69d362ae259b47d527d539afa7353f25c05b2f4cb9ae8b0213d38db191e
SSDEEP

3072:WtwbZ/kz0qsqhYx3vAliM02P2rbW2DK2Q/CnA6nD6Gdjbi1:X6LYtv8iMOrbW2O2wYlGX1

Score

10^/10

rat ot96 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ot96

Decoy

yclingbear.studio

sxuio.xyz

eon-official-bk-o57v.buzz

teel.management

rusjitu.sbs

ighwald-holdings.info

ummitfinancal.vip

layvalleyconstruction.online

pp-games-efficsecuspon.xyz

ouh.shop

mgltd.services

gshsjwhgsg.fun

eidotijolo.online

yifg.sbs

nline-gaming-ox-mx.xyz

ux-money.info

inergiputraborneo.dev

panish-classes-67016.bond

reightrading.info

23bet.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2908-6-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2908-6-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB