formbook | 1768-78-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1768-78-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

90d9ded9bc2d06969b53ff866cf0731b
SHA1

0a952d37e9197ea013a228f52117f4ce33ebd157
SHA256

3a9ff73592ec101df268cd9a9a701569fa6a1ad070d9b8d10050e41ba7c06c4a
SHA512

0be705fd9490420a9d9425c0f733945fb630a8f813569814c6c72256731bb126c2c4060241b1d4a3ab0623d78fd601ad4126bb040d86a2ac195cfd8db9a31bc1
SSDEEP

3072:G6gEaC42XBi3oYbtHmjriph1T/O+UI5L93IEVGMu:84UoKtHuriph795L2ZM

Score

10^/10

rat ba17 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

bearwant.com

sdsguanfang.com

steamcommunityvia.top

sugarplumtreasures.com

koronislakefishing.com

jmae.xyz

xhxnqemkiqe.xyz

playzcrew.com

zatwsbq.com

lankofix.com

sh-zhepeng.com

mibodamisxv.online

butterflyjewelry.store

finestrecitalto-spottoday.info

globomateria.com

royalmdarts.com

d4af10836709.com

shepwill.com

67aldrich.info

trustedmakers.club

Signatures

Formbook Payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook
Formbook family
formbook

resource	yara_rule
sample	formbook

Files

1768-78-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB