formbook | 2512-3-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2512-3-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

0f7e4a60d98741130f521f5d5354082b
SHA1

f9d7ef5e9c0e81a9ddf9ebbd17d5aea3ffde0dbe
SHA256

89fc74cc48f5da6e0b3e6eb799d9caf77c9ea63571a38c5b99a9932b61bb903d
SHA512

b16651804d526c9de3d96ebaea14f90b722dd1d98a8cdf887860e744edb90a14854a20d1365e2b18898f2b5fa833b5c19a48184a0261582e8b29f01dcad54679
SSDEEP

3072:Iu0UMFM+T6MDWipeyRdFqFtgwKayHH+xHgHt0WCDr9WCTqfiJE:hTLyRdE9KayHHoHgH2zDrXTc

Score

10^/10

rat ge07 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge07

Decoy

mail-marketing2-9946168.live

ouwmijnweb.net

verythingmars.online

rgqhcy.shop

unter-saaaa.buzz

ox.bio

arkside.top

ransportationmmsktpro.top

lue-ocean-bar.group

lympiccat.xyz

onstruction-jobs-49170.bond

andon-saaab.buzz

fdmw.sbs

48430091.top

yuyh.boats

kyt968.shop

pismedical.shop

ocialmediafactory.xyz

inussofa.shop

ision.fit

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

Processes:

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2512-3-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2512-3-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB