formbook | 1696-1045-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1696-1045-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

515829b51bf0a898abae6597034f1d42
SHA1

c9078794cc908ee6ea35e4fee898cc64eef8841a
SHA256

51955ad32b351ccdea900c8fa0a223e84e742b449ec703cb5216f55382ec46be
SHA512

e1045a6037d24ed97c2410228aa3dbc4d2b199697a3121953c73ba51b6ff10254ad4f02f20d00ab4d446e110c3840260b38fd2157e34ab815459ac64743f51ee
SSDEEP

3072:XrNO0kCgRx0pGY3RdK52rOlwFhhVD+joLtVzLP6WFB2v:NgVWRA4rOlwFh5r+2B2v

Score

10^/10

rat b21s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b21s

Decoy

cannabisvscannabis.com

family-doctor-79417.com

dec-72.icu

champion-tips.com

hal-housing-and-lifestyle.com

rubinvest.fun

martinkeyword.top

rise-site.xyz

mystrapples.com

refpaxwrsjmf.top

ferrusracing.store

shopkalb.com

zhangnational.site

jameswillms.com

g42ba339r.shop

ivbeenreset.com

classiccollection.store

anysprays.com

piushelp.com

aternoschain.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1696-1045-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1696-1045-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB