formbook | 1768-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1768-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

a0fc2eaf7b161873c1ff105f5947ebb1
SHA1

829daa3defe9efc76681194be659c9f7b30ea3c1
SHA256

356f5d5404660b15dfb3b97007c9783f247d27bce6ee8b32ad06a7bd1791ccdc
SHA512

d087ef96a8d0cd55b0d1f92f9d9e82ca9034b88b3365cfec037a4392cdef53161c041ff984d6db1cdd839c1885dccfde5bba2e7a6b0fb920b03194383117007b
SSDEEP

3072:yamjkv98MDV9I30sG6f7lu4KMAaOqEQBm2vEVZNuMdlE/9/:D/G0PS7g4KMArrWm2vEVZrdlQd

Score

10^/10

rat n28y formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n28y

Decoy

beatrizstrackcruzadv.site

avnetts.com

digitalnomadlist.com

ibr234.com

fallrivereats.com

walkandtalk.org.uk

nmgxhcf.xyz

8yyds.com

sz16800.com

cc-nice.info

vcxtol.xyz

drheam.com

connectgroup-marketing2.live

chess-school-am.ru

ghjghoipf.site

eteachpresent.com

deviantoutlier.com

jingjishilunwen.com

digitalpersona.agency

llcdxs.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1768-66-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1768-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB