formbook | 3452-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3452-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

97e68f31a5bff49a47c5c07dcb70fa9f
SHA1

5755cbae97a40ef8a4cb30c3df933242ec3a34f1
SHA256

3b4d4541df4c2e91edf30724a59ac68115edf651732f6c5670984cdcb4458141
SHA512

9fe3c7eb324e41aa7c4cce5a99edda57a90bb9c781b1e885a3e21f704d663a09158feeeb299d45b245298734c5ea32023ca4417b9830ee5fdbb33cbe6dc739ef
SSDEEP

3072:dRzVlklr2daihi3dN6SWnAHq402CP14JDnEpFyYSsnD2+lEX5/WYo0R:QKUdcXgq402KJHRnSb/WS

Score

10^/10

rat pr17 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pr17

Decoy

fx-trading-investing-find.today

inhoaphuong.online

clinicadramorelle.com

lugarllc.com

figueroasautorepair.com

clinicadralidicisantana.com

portatrowel.com

enfgedqhenm.xyz

xn--y3cdvn3c.com

thejerseysleague.info

garrickdenise0174.top

p20838.com

iprbl.link

bemossfun.shop

crbnex.com

trueintentionssingles.com

webkit-new.top

aphorticulture.com

ezeemath.com

6blg3avp.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3452-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3452-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB