formbook | 1376-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1376-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

cc6139e7fc1aecadef9f85ab34dd32a2
SHA1

df0b3849acc80c850a96ead3648f5a4c312689dc
SHA256

d1f8ec1f97b00cbf0f8c9458157f3ab3f53b7a3f87653cb9db9b782310082bff
SHA512

91b03b82822fddcfdc8213d7873bf90457a939c92f1e5b908b38127e30873e719ae94a455d26909a5bb0f58f391120346e72ddd1e11fd5c803bb5874327222bb
SSDEEP

3072:2CHLkQkgDmt/3tEhry71GmElEwH4QJwIE9A1tl3QKdm:rE/t4m71GmEl5Yr39A3GK

Score

10^/10

rat bm49 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bm49

Decoy

aerotecaviations.com

bahjipo.xyz

ignitiongrowth.net

22011020.com

92265.xyz

cidernbox.com

34621.se

thetulingroup.com

gesidbi.info

hydeding.top

ateskuslaridizisi.xyz

fortsmithbeers.com

grimpulsa.shop

huangguantiyu33.com

aacchauffeurs.com

arnolicious.tech

ethhnm.cyou

libertazglobal.com

lahedge.com

andrea-fuchs.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1376-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1376-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB