formbook | 3048-13-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3048-13-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

69fd9bfea27096f23e7f505843a9ed8c
SHA1

a496a3d2754d28180c382feb1a35dd97a38c60d0
SHA256

dbdd6458f3800112d43fa10e35b52559d54bea06eea22a896dcc61faefdfeb8a
SHA512

2a33fdc505f66cf4f8f8387551121e0429e61c23e863fcc2402c2985eb62ddc74a3c025579d1a06aabe9f9ff23b39ff3b97f5e0f8f97535590032a0b09560f78
SSDEEP

3072:s3I0EJoDaEoQBS3TxG/gQaGkOPuI/DIdkid/l4q/zM1M:cJETo/faGkOPuILKle

Score

10^/10

rat sy13 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy13

Decoy

shophouseoftrinh.com

xn--i9q20pc9dov6e.com

kconevent.com

qqcghjb.shop

huirushi.com

havesat.com

5201314.fan

agroyouth.com

mertking1017.com

cled.online

825symphony.com

nutvc.com

solarenergy-price.live

brinhos.online

sexonlinedir.com

slotonlinegacorwin.com

tsescort.beauty

performantcap.com

drmatheusrodrigues.com

oxfighter.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3048-13-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3048-13-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB