formbook | 1728-7-0x00000000006F0000-0x000000000071F000-memory[.]dmp

General

Target

1728-7-0x00000000006F0000-0x000000000071F000-memory.dmp
Size

188KB
MD5

3a81b2ff49ab53c7120ef1ac2e2c957c
SHA1

c6c3a17fc044b5de891b730cf25192f7e92ff54d
SHA256

0483db320b3dd22f834735d28cae1f6f7740aef0c24b9df60c4a97d2814b66ac
SHA512

8fe6b97992949307358969f6770df05ce1f921119c0083fead329f3f4cb4c109ef27d7ff626c6715480087958a3ae20624bb74e3cf2e49ae8a3bcb293ac507f7
SSDEEP

3072:MiqVFtNNJ7Bo5gn6XpXK9tCaHIuYEE2+eaWhzQDODHvQJI:eNmE6X5isaHIucWhGODPaI

Score

10^/10

rat fadc formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fadc

Decoy

protechdream.com

faireco.life

bakrinhome.com

bustygirl.xyz

kbif.info

ningo.bond

hollywoodcircleevents.site

eapv-uabjo.com

852bets.com

nooption.online

global-strategy.pro

cartaonline.online

sacredbones2023.com

barsandbands.fun

liftchairs-info-mx.today

delamar.one

shuntianyuan.net

americanworldsolutions.com

julitv.net

criativax.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1728-7-0x00000000006F0000-0x000000000071F000-memory.dmp

Files

1728-7-0x00000000006F0000-0x000000000071F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB