formbook | 2672-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2672-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e1e220bc97b94f716e9ee92dac104922
SHA1

1f75d0ff95722c5967ab5d2fd36b2d592bd191ca
SHA256

db07bc0c3850ba6da4dac66d105216f75939479f3f755a8c0d17fd5bf3311ce4
SHA512

d112d58067c87bf1fa093894e7bfe2b18e8c90f4dc5a69bba24ca4c22c82133fa6c5c7033db7680450f583655f3341e76fac199c847263e7418d26d8b330f8e4
SSDEEP

3072:A3vsFBvfPbwBQ6KWbZmfrG7XLPANanjQAzmUUkkMZthoclomlFn+iWW+P:RvkaGbZYrG7LoanjQcvUrwoAjWWq

Score

10^/10

rat t18n formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t18n

Decoy

tmusicoregon.net

atici.online

j7u7.xyz

iewunucierwuerwnziqi1.info

ruvabetgiris.website

acik.lat

obsk.top

sphaltpaving-ttp1-shd-us-2.shop

ispensarynearme.news

b3nd.bond

urelook.xyz

gearlpfbm.top

aconstructionjob.bond

killsnexis.info

oshon.xyz

ashabsxw.top

ussiatraiding.buzz

raipsehumus.homes

6ae23rx.forum

edar88vvip.shop

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2672-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2672-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB