formbook | 3000-67-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

3000-67-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

e6d6230de38c086d37754bd6ec1be806
SHA1

cf957069bcb4289b43c0529cd581c8dfb93e128c
SHA256

36d7a1bc26553de74a2ba766c1f66ce6acc4492d3ce56f26dc3546e3e0c2eece
SHA512

2804c267ab2e87ecf752ab36b50dc74f6b1339374a791fa602d5979ea188e02fcb1d1596934ebcbeffe6bd5b88a3a5531d03f48e92591bf123f290ad978db4be
SSDEEP

3072:RNNjckJeBGKCud33zuesIsb9q20ou5UvFJ9CZ8hHfK:scYHzFsIsJq20ou5UvIyh/K

Score

10^/10

rat al05 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

al05

Decoy

becapmuiu.xyz

wearerp.com

beautychannel.world

kuwiti.com

vex5678.com

pecanbayouwoodworks.com

lrsconcrete.com

emgje.buzz

haorizi.net

tradingbattle.net

growgram.info

zuolide.com

poliedriconsulting.com

persjateng.com

pseudlifelif.com

tgteletg.top

33changing.com

jayagrandcounty.com

thegopigirls.com

c8685.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3000-67-0x0000000000400000-0x0000000001462000-memory.dmp

Files

3000-67-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB