formbook | 3052-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3052-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

2bb2eb54bce2ce97c9a5057af88856a7
SHA1

bc55526753378f76be36be0b1a46c5120b9730ee
SHA256

097e38dda0b856cebc5e31c2fe52eae04ffe266ac90771fbf05163c4e50da46d
SHA512

d625a018bad94cc28fe0ece9fe476da054c74f8fb30bf93140f198f9bf7c0f0a62bcb9dea211d8bacfffb69be2e41a7506eac47f51765d7915420552608e72b3
SSDEEP

3072:BzuECtdC/nxhv3LllezDJitDqEYoks/SKGTZLq0LW15dz51r4yV:cw7/LllePJ2DqXxs/5Glq0O5/1r4yV

Score

10^/10

rat bz24 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bz24

Decoy

paltran.com

convadesolutions.com

smyx9b.work

friggerio.com

jndyfjc.com

dm4im2q2.top

adamloweforpresident2020.com

grvtyindustries.com

lovelycacau.com

seqizi.net

xisl88.com

dateknightdelivered.com

celebsmoaic.online

patriciolawnlandscapellc.com

liqq.asia

solutions4educators.com

hybridrate.com

newseza.com

enfejbaz9jdfthea.click

bergstromchevymadison.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3052-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3052-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB