formbook | 1716-61-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1716-61-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

de60f5acd6a3d06f93a1d23980537055
SHA1

11fbfbf5b04f9aae8bd499dd91fe01c3a6fbd17f
SHA256

12077ad53e55f9c2878d1da0293d91afc1ea75571368844a4d8675ac8ca7ba58
SHA512

197eea57884a96aa2fac835894cceb2a674db26f5bdb602f5980a6ad4904065078642ccf5fc7e406c994d0eca693bcc28141a7f41e470fc1eecf3ad41b555cae
SSDEEP

3072:1UJ/bkI2urNDu3WDvLn07/eGcSPE9LJVIxdqLDH:ehtIWbz07/eGcSAEdqnH

Score

10^/10

rat ui16 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ui16

Decoy

hayfevertips.uk

dura-grass.com

eclsimsline.com

audiolibroprofesional.com

ieltspassion.foundation

coverdriveinsure.com

importainer.com

localcustomcurtains.net

bskduwuakkasndh.online

kraaftheinz.com

innovandotubelleza.online

ironandalders.com

howtolowerbloodsugarfast.com

wordpressbilimi.net

evoting.africa

ppecollect.co.uk

eileenfisherdeutschland.com

digitalprintcompanies.com

weblo.net

aws-awsnoona.icu

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1716-61-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1716-61-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB