formbook | 3020-934-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3020-934-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

ea7c195fbcafe2591c15d1d15c718597
SHA1

58bc43ca89b824a2f0af365cf1e1274f31437bcd
SHA256

a7311ac2ddc8ad19d3406772962858bb7a82dda7a322ec70339232b92b2db04c
SHA512

52d007eb391bcb8f0227b4d0027f66818adf365eb52dd55955b534125e46ac81784f3b576b9425572cb84c2e9b36e18d0d3c059f7c8154613655650925cb9bb3
SSDEEP

3072:V+9Euq09b5ae3/dNcrX+T6nbB8cgNSxxuay42iRNH91/rDsM0f:R/4/vSa6nbB8PSxu4XRNHjP8f

Score

10^/10

rat jo21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jo21

Decoy

prolixmonkey.com

towing-bradford.top

vision2030.blue

babeleurope.com

blaqrosehair.com

supplytowing.top

lakehamiltontowing.top

b-sigmedical.site

pokecana.net

trainif.com

oxygenlogistic.live

gravbolaget.com

inv8ltd.com

kiddieboost.com

allegantowing.top

hesekieloblitus.com

learnerscandy.com

xnxx3.wtf

shopfebee.com

kmrec.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3020-934-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3020-934-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB