formbook | 2904-7-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2904-7-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

6a54d792e46dab045d65a162c0885fab
SHA1

344bf0824d5204eaa99c37401924ffc17151a077
SHA256

eb849cef9ed778ab58e46f726d6729f2f4776d56732df8859c5413986e74158d
SHA512

bde3939c0a4e7dae8a4dd616e172d7c432a049de099963f3b5f36df3177c175aa6755afecbed03a4ab8b897ca5bf793337b6e0b84e717a04187d11c6ab1ff255
SSDEEP

3072:9q3v2kOwf8h3jD5iy3UHY8+M/wLKO4C4mA9PBy4h5gczn8xlg4:28hUkU48+uQKO4C4mQBT5PQxe4

Score

10^/10

rat r08c formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r08c

Decoy

concretecontractornorfolk.com

itproaudit.com

thelandlorddoctor.com

albanywatercolorgroup.com

arppi.icu

mintkeysolutions.com

tjsjtx.site

ravendistributors.com

austrocan.com

realyogawear.store

theofficialtrumpcards.com

givingacare.com

chantaldesjardinsauthor.com

militraytimes.com

coworkerorai.com

etherprint.xyz

asia123.online

kbjbk.com

greenpeaceful.net

yyqqt4.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2904-7-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2904-7-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB