formbook | 3840-9-0x0000000003450000-0x0000000004450000-memory[.]dmp

General

Target

3840-9-0x0000000003450000-0x0000000004450000-memory.dmp
Size

16.0MB
MD5

358737e11766da96658e1f1311b4ad7e
SHA1

42dc55d6a83b4d4c0f4ad7fe8e8aaac60d6e2d0a
SHA256

8274934523224af63ae1b3c220216a1a48ebbd7e267a1d6cfc7c9f933a048034
SHA512

984e9df57ebb8d96f9b51c5ffa3657624d966b2189a4a3bf641850fcd75969c614e90e6d16360a52d66ab5635bd073964cd2be1b31913b086bdaa2d67d65d102
SSDEEP

3072:Wlk4Frz5yhOZjJpHHEWc+cTZqBthe4LVb1nXT+JJUvytti:b25HPHE/LqHheyVZXT+JJUvy

Score

10^/10

rat 6nrs formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

6nrs

Decoy

mteverestminiralwater.com

northlakesodllcgov.com

de-guru.com

iwz-69.com

323va.com

tiktokshopbuilder.com

sekisensei.com

jcpublicschoolsfoundation.com

yangguangdadao.net

dingshenghr.net

yzyz458.xyz

topmczonseo.com

financeconta.com

handtools-88870.bond

scymedia.online

rutman.store

qlpss.com

righitch.com

parentsrpeople2.com

appeal-request-review.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3840-9-0x0000000003450000-0x0000000004450000-memory.dmp

Files

3840-9-0x0000000003450000-0x0000000004450000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB