formbook | 3036-71-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

3036-71-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

84af466709371d158ca6a8acc4af077c
SHA1

0fd2f4fde016a4636b541024a6bb0c0619d1cb0f
SHA256

4d962a244cae4a7547befca65feb0d4658c805c80b77bc391a4e5eced5cd944d
SHA512

af4ba546cd1c6f0b888962e7d4688b2ca217b2283f0bf70d40c7d09bf784bbcfde30a9453e3cd33381aad2834fc5f0c81831982100a623db0d20298a410a2bcb
SSDEEP

3072:jg5ESS1jE2C3QmTX+5QP5aWHZ0VCRQiPgwfOu08wWg5uDkCEVhLK:m40Q0X2QBaWHZ0gKiPgwfOu0nWgPC

Score

10^/10

rat be53 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

be53

Decoy

monsterdonut.net

shutterpilot.co.uk

deangelojamess.com

mecxon.online

eaglewallet.tech

withlovepty.africa

akgrouptr.com

carrentalcost.site

cancercachexiastudy.com

educationmall.africa

kisaliste.com

labarlonecode.com

icolut.xyz

excuu.club

gota-africana.top

letmeoutbook.com

duniyartech.africa

freightbyu.com

laanonimalibreria.com

atable-maroc.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3036-71-0x0000000000400000-0x0000000001462000-memory.dmp

Files

3036-71-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB