formbook | 2156-13-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2156-13-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

18c116bb01bd58156b6db3be7914cca3
SHA1

1af26fb344196d2b23b03b9296a45e441421285e
SHA256

771d0f86f53d42a76f4059640786489ffb783b947c2de06ab6e33ef5f33c6e47
SHA512

ab83e77597ed355bec6fe54b42ecf70c0f4a495c75f58949f1f9a323393b58c03bf443dd5122c13ab2a2f834e08e3104853c4b3d71c5bb9fca48e82797d4bbe4
SSDEEP

3072:+AoYFtUdD5bU0+ML+vbE/n3ECKVAqkcNouqamhIHdFhXdOPzW2MBsluE7w3:PZjK+vA/3DKVAqki/qaPdFhtL2YXGw3

Score

10^/10

rat ga06 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ga06

Decoy

y1rmgv9c.top

orlifebasma.online

ocxxcakkejka.online

ealthcaretrendstr.bond

quitemtudo.online

oeziad.net

afelajuzq.shop

andasia.net

4web.info

acingdreams.xyz

fcpc.sbs

pin238rtp.lol

olar-systems-panels-91358.bond

ovember222.vip

01639.xyz

xfundz.top

illsol.top

rerise.shop

eavenlavvi.net

rtificial-turf23.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

Processes:

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2156-13-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2156-13-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB