formbook | 2492-3-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2492-3-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

3da80db0471219756d5318575012e956
SHA1

f673a41577e99f7a5bdf8ddab759c1d3c9486623
SHA256

ad2f783544d0b2d1b2d40b59bba7a58c2082200df38ef09eceecfd99c6259d73
SHA512

d65f66ec6aa0b41d1e9e9c5dbb5f1a2eb2fff6915d0bba925a76c940dd7105b79e3b7738ac463cd2ce5a79137ee9d507cd54914bfa46191e9f9067fd2b69350d
SSDEEP

3072:LeyvXFFJNDIcTyhk4I6RJpzfqaa53Ozpn7v5tUUU85yDb0Sde0huy1o:H3R4I6LSaa53ev5tfFSg0R1

Score

10^/10

rat e62s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e62s

Decoy

ellinksa.shop

uckyspinph.xyz

owdark.net

arriage-therapy-72241.bond

w7ijko4rv4p97b.top

heirbuzzwords.buzz

aspart.shop

ctivemail5-kagoya-com.info

shacertification9.shop

zitcd65k3.buzz

llkosoi.info

ru8.info

rhgtrdjdjykyetrdjftd.buzz

yschoollist.kiwi

oftfolio.online

rograma-de-almacen-2.online

oudoarms.top

mwquas.xyz

orjagaucha.website

nlinechat-mh.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2492-3-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2492-3-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB