formbook | 2180-0-0x0000000000400000-0x000000000052F000-memory[.]dmp

General

Target

2180-0-0x0000000000400000-0x000000000052F000-memory.dmp
Size

1.2MB
MD5

3564affa92216a487a52c3348ee16286
SHA1

1ee87fa672ff32a24681b1ff457cb96aa34e8be2
SHA256

f27bef2ff411f733d8c94570fb2e4e6701854c62624b635ebd76a2372b8f1b9c
SHA512

15faa985c30774bacacdaf7a024951c54fb1705e3a68149f0c5fea20c5cef63201de62cd3e92544842be28de4e422bd70769377a5e033311e175265d7b88401b
SSDEEP

12288:7dvHD7X2OIU6kka/6HfU4l69SnDOorGNO7c4KuTmvzKI3aCnEjBijKvm3CMVBAVz:51/6kk9HfhFnDOoLc4KDbmmDVBAB

Score

10^/10

rat ca formbook

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

ca

Decoy

etrade668.com

witchwardrobe.com

fresh-express.info

court-of-protection-abuse.com

mydomaine.pizza

chiquirritmo.com

goldennestconstructions.com

gldqn.com

songkorea.com

epaqint.com

3201wargyle1s.info

batdongsanhungphu.com

higheredandbeyond.com

tenpro25.date

drzcapital.com

corporativoacarsa.com

happyupward.net

aljyc.link

travellerit.com

dazhongpuhui.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2180-0-0x0000000000400000-0x000000000052F000-memory.dmp

Files

2180-0-0x0000000000400000-0x000000000052F000-memory.dmp
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 860KB - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 32B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 860KB - Virtual size: 860KB

DATA Size: 31KB - Virtual size: 31KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 32B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 66KB - Virtual size: 65KB

.rsrc Size: 220KB - Virtual size: 219KB

CODE
Size: 860KB - Virtual size: 860KB

DATA
Size: 31KB - Virtual size: 31KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 66KB - Virtual size: 65KB

.rsrc
Size: 220KB - Virtual size: 219KB