formbook | 2504-35-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2504-35-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

d1431cb864c93fcb62488e60381048d3
SHA1

784201f7296fa53f5e1ce0da9618a6ef4eca00b0
SHA256

4d6d88b58a63e89234d71e4e598a679631394b5e82cbd5f7a104130072eb6144
SHA512

bb1496a1bc4139ccf7905cfebc337bcd9906316c5a772c21ef0a995ba6e13a4a0b2f2d2f368ed4f12a3610cd3333f33247526cbf157aeaff8db35aef82cddb16
SSDEEP

3072:cNqE0KtSYDo3S9mQEBg6u9JH1hOCCnmGVoav4bkaSsdiXdf:FSmS0QEC6u9JHL5CnmwSbka9iXdf

Score

10^/10

rat fs35 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs35

Decoy

latechdz.com

sdp-ploce.com

ss203.site

sm6yuy.net

needstothink.com

heginstwp.com

blueplumespirit.com

vemconferirshop.click

yorent-auto.com

eleononaly.com

medicalspacelocators.com

7law.info

imacanberra.online

bbtyss.top

onlyanfans.com

varenty.com

fappies.shop

313865.com

hongpools.com

babkacuisine.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2504-35-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2504-35-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB