formbook | 1280-84-0x0000000000400000-0x0000000000615000-memory[.]dmp

General

Target

1280-84-0x0000000000400000-0x0000000000615000-memory.dmp
Size

2.1MB
MD5

f0933b3e9285280e23cb04dafceffece
SHA1

691751d169274c15c8089683690e55bfccb27c23
SHA256

29327fd8e8bd000427b954467e317250c47815993ec5243e70eb4cd78d58b9a2
SHA512

74e1cb6909d0b241321075421775143495f90372bf848077880c0fdbd1f798252e5aee60f365b1c61e6b5d142a40f941ec06b809cc6a800c413826bb5f7526d3
SSDEEP

3072:Fm4mEcAc6X6+ti3qitkz8Vr2/qUwYsWmYxS0zK7B0+wvw7uN913:IgtUq5zGr2/qUzTbx68vw7w

Score

10^/10

rat o17i formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o17i

Decoy

chocolatebarreview.com

fetch-a-trabajos-canada.info

expresspestcontrol.net

tractionx.co.uk

vitalassetsecurity.com

lahtawine.ru

firedamagereports.com

bentzenphotography.com

digitalworkforces.com

divnoe.online

efefbig.buzz

melhardy.co.uk

igorsolutions.com

developmentszhuiservice.com

fookspace.com

kredaroo.com

4zpm.xyz

kycecat.cfd

singingriverhomeimprovement.com

bils.store

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1280-84-0x0000000000400000-0x0000000000615000-memory.dmp

Files

1280-84-0x0000000000400000-0x0000000000615000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB