formbook | 2380-7-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2380-7-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

3a00c15ed411cd475bfab4fb1edf2a4a
SHA1

5a161b86a2844b429a4a68a74f5f03045d84908a
SHA256

dfea583f79abd30e4a52da25818a436ce0fe70c5f0797e75eb8efb4df3b395ec
SHA512

6d40e93c5719759074e11785bab34db3319bcae4533eb70a04fd51ef4d9d8a4fc4422c6d735975c643ce134b008487a318d6224a719656fff600a9a78849e8c5
SSDEEP

3072:Q9E6Fei3oJl0zRAhjfN5f/Jj3rvZrF05KC+j2+Sl4:kNahjlVJj3rvZrF0g2+m4

Score

10^/10

rat ts49 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ts49

Decoy

aytolljqp.vip

ibnllc.net

impiezasvalladolid.net

reteon.xyz

edeliva.net

qynja.top

eometricdesigns.shop

64784p6.top

odhipoteke.online

ilezjan.net

om-dt02.cyou

xoticgirldrip.net

2livegames.live

ona88.skin

enerator-bcq.xyz

hared-office-4198379.zone

uyer.net

pilirplink.fun

t38asc.net

ntalyaescortking.site

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2380-7-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2380-7-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB