formbook | 3048-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3048-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

2381b579fdc8be658f57dd29dd2c3f25
SHA1

e6cd8552921feab3d79cd8a0395b32b6c10fa9dc
SHA256

f68d3219bb9470cf1fd6978cbcb7b5bcf05c23847a46f91bf15ece968ecc1e30
SHA512

44d652913cb40e64f31d00325258d43abc417c0040f06db85007d638039c4600ced5b6d6788e58bc0b448cfd0cdaf6ee210689e90a138fb359ac0004deb9b886
SSDEEP

3072:GXMTEoiAtNW8XN3k72ChKDtK7g+OjJzbI1kWaqzq4gYx:XiAxkqsKDtK7gzJzbIEqW4fx

Score

10^/10

rat sy11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy11

Decoy

digimarket1.com

scope-eez.com

bmn958.com

shreeshyamscientific.com

maklngsoiencetdit.com

tjornevent.info

pavingcompanysuffolk.com

eastpondo.com

dealswithgrace.com

112233.store

clubvanarc.com

vvx1dv1.xyz

autonomiacr.com

breastfeedinghelp.net

radrat.art

localcan.pro

bbcsouthwest.com

iraql-oil.vip

email-pickhealth.com

ceimontana.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3048-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3048-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB