formbook | 2824-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2824-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

bfd72a113459ee8b82e04d723c53ace5
SHA1

2ea74f7b391fb28515cd0e9445bdfbfe19e1e5b2
SHA256

a910357f24690a19f9f32e9e84aa31083052c62c6f548d194424fb87fda94dc5
SHA512

8b2a97618912e6a96994371fbab29e405312a8a9dc2eb5b82b3ade05f0cabd57453116d3f475d3a396791461de8855ce012bf795b2e7d54cc033bfa3f7c24ce9
SSDEEP

3072:D9GEV7Hji83W3gzumwcs6zJi6b8+LBTcj7FqptkWPsGw8M37TC:D7HAgy56zJi6b8+LpIBqvPUPC

Score

10^/10

rat v93r formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v93r

Decoy

labourcommunitymarket.com

nba82.com

datahabitsales.site

rosstony.link

baliorganic.farm

qefhyjngrxcbjfvgft.autos

bippttcg.click

tldrschool.com

vcdaawug.click

garage2mats.com

soulrin.store

themezodermacream.com

522fairwaylookout.com

jmhoa.cyou

sygcb.link

thanhpresident.com

biy-home.com

imtmlife.online

dijitalpasaj.app

105261.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2824-67-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2824-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB