formbook | 2676-14-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2676-14-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

b07ca8145510ac4e1a82a90e6c1c3b98
SHA1

5f45c3c90931405fad7a680cd9fcc8dbba5f6646
SHA256

6af165bbc551750539bdd5b38417e2f5651bfc0a823d6d603142e7ab1ac79d7f
SHA512

fb87322ebbf44b20a8774a9c66c7386eae0ab7b4992dfc4b3a028faaade13178edc8c5f313f6e089c3ee0a1af03dd2b6095dc7031c60a63fd13b82ca4c302573
SSDEEP

3072:wuYjEPyAb4QFs3/3y8S0zpqRR89dtoqdEY90i+NDoQAp3:1+Gi/i8tqRR89rpUNDJAp3

Score

10^/10

rat u29r formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u29r

Decoy

thebrokerhi.com

magiccurly.space

ourbrilliantwedding.com

shopbuddha.shop

arilon-chronicles.com

recycle-link.com

qwepfr.com

suhalayainteriors.com

wngjhsz.com

bioatractor.com

mimundocrochet.com

betaverse204.com

infinitelyweddings.com

simplurisign7446.com

alo-yoga-paris.com

zacharythompsondesign.college

dollylockets.com

stj5000.com

golddustdrivers.com

www234788.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2676-14-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2676-14-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB