formbook | 4448-1220-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

4448-1220-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

49420c5e2a09188447606b18f603b7af
SHA1

13f254d913bc8276452b9c252bdb708945f12aa2
SHA256

8cb50dec47b53c03ac4bdddffb9941806ee214a9746bf0b7d98726651d0e0a64
SHA512

81669adca2d7edf412ecc82fa423b9d63630dbb691e57a4314af936a62026fceb496712efcbf2aab7ae07a9f88040d23264f6023dc538fb2c4ae76d8c4c4186e
SSDEEP

3072:X4cDekKhhbHjUNwAm+7aNj/HLrXi8eWCCa6kdG0tTb:jyrUyAZaNj/HPXizWCdDdG

Score

10^/10

rat bi62 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bi62

Decoy

matchey.xyz

llrj17771.sbs

sdjunqiang.com

gfowpsux.click

onsitecomputers.net

dotrefdesk.com

ciayo113.click

assetpanea.com

tiendatodoonline.shop

izzicasinoofficialsite4.win

associacioadfrurals.cat

flyhoneybeefly.com

szsh56.com

bundlefabricate.top

xiaohanghang132.sbs

moke.zip

iebs7h.xyz

8965656.vip

lojassnobcalcados.com

bonnetwear.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4448-1220-0x0000000000400000-0x000000000042F000-memory.dmp

Files

4448-1220-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB