formbook | 2804-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2804-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

399914180e01b339e41c98b76241d5a2
SHA1

c2982df49285a30ab8efae979a38d59149cff7c3
SHA256

59b69542cf408725bc643480fc203c6a4ee87106b66d13570b57fdfd3f542ef3
SHA512

83ee8d04f74fcc54e7437e7d1130779af273e6da87a775414bece642bf3a0f47d7c5df38d2fbd18b296c6aedc844fffa9f7f945d104f6d0658d4b167ff10e7a6
SSDEEP

3072:raNE+OYInNX3fl/tusd805vwO/JPQ6BX159sV9:IOnfxtusR5vwOxPXBV4

Score

10^/10

rat eg21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

eg21

Decoy

cellphones-81861.bond

bxxyohs.sbs

hbpv3.site

maxslocalattractions.com

3m4nvhp.sbs

kittys-wonder-land.com

dhtblocker-oficial.site

alydevine.com

ozshoop.net

chuanggang.shop

access6.site

harmonys.store

leadsolutionsdigital.pro

aprilia-nidia.com

xn--439aw40b.com

twins-english.com

h7yr9y1r.shop

annelux.shop

cherishedphotography.info

politgame.fun

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2804-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2804-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB