formbook | 2920-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2920-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

a365a152e007955de9eaed5c34ef634d
SHA1

6b671193ab0c9ccb8a270b6f3d98e31085de1452
SHA256

c4aa2eac43c7313469abaa9fcd3debfd4ab2ade7538f87fdb17db711dcfa2cf6
SHA512

4f68888ad17cca4dc654be3f3103171ae99f60d7dd39216311d165e969e21db0400396fb7baca783b1a988ece7cfafef998e59182a83cfaa19a4b0412a7df89e
SSDEEP

3072:TxlfxFrnETPWai2D8a1e4XmkK2Hl21LK606wOuU1ZMMHE3euLtJU65tp9:TjLETPvhFXmbakK606wS1Za3euLn5X

Score

10^/10

rat dn13 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn13

Decoy

5q53s.top

f9813.top

ysticsmoke.net

ignorysingeysquints.cfd

yncsignature.live

svp-their.xyz

outya.xyz

wlkflwef3sf2wf.top

etterjugfetkaril.cfd

p9eh2s99b5.top

400108iqlnnqi219.top

ynsu-condition.xyz

ndividual-bfiaen.xyz

anceibizamagazine.net

itrussips.live

orkcubefood.xyz

lindsandfurnishings.shop

ajwmid.top

pigramescentfeatous.shop

mbvcv56789.click

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2920-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2920-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB