formbook | 708-7-0x0000000004450000-0x0000000005450000-memory[.]dmp

General

Target

708-7-0x0000000004450000-0x0000000005450000-memory.dmp
Size

16.0MB
MD5

e03a768f86bc360b7b38fa64991f4aa1
SHA1

4b6c029bff25ede339f69acf87020cdd1147d67c
SHA256

bfa5c599d9a7fb052ec1d08b5efaba3e186966678c115f18c72736ab447096d6
SHA512

fa932120945351c86a2cd72ecc0e1d711b7a69f34796f2c1de2328baf0feb03298d19f1c208471f32b52dd2fa9ace1af101df527f7c8a9383c08cf0f50c59ddf
SSDEEP

3072:MiqVFtNNJ7Bo5gn6XpXK9tCaHIuYEE2+eaWhzQDODHvQJI:eNmE6X5isaHIucWhGODPaI

Score

10^/10

rat fadc formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fadc

Decoy

protechdream.com

faireco.life

bakrinhome.com

bustygirl.xyz

kbif.info

ningo.bond

hollywoodcircleevents.site

eapv-uabjo.com

852bets.com

nooption.online

global-strategy.pro

cartaonline.online

sacredbones2023.com

barsandbands.fun

liftchairs-info-mx.today

delamar.one

shuntianyuan.net

americanworldsolutions.com

julitv.net

criativax.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
708-7-0x0000000004450000-0x0000000005450000-memory.dmp

Files

708-7-0x0000000004450000-0x0000000005450000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB