formbook | 2960-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2960-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

2d01b2d42c42f65d1910ebb466d3130d
SHA1

6a4aec75bfa2c3aa3d0c02e84e1c1cabdceb65bc
SHA256

351215fa4698dafc543499701deb31aed2f21d98a7c9962ea8a539d09c348ff2
SHA512

bc8e411043264e63008527218cdab6bd3349e7e979cdf680caa2d4f40d80ae6d5e8a5130d071aa0dd97759f0f59e8c2a3de5728027ac29a91d931ba57a26326d
SSDEEP

3072:htzMC+k7U9fY/0/13Uay9AGYKolYE6uyZ44YW5Q/T74PMu57c:b4HZU96RKolYLRm4oYPJ

Score

10^/10

rat vr01 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr01

Decoy

eclipsefoodservice.com

oregonjobs.co

ethicai.pro

frontierconnects.co

elcaporalburley.com

exoticskinco.com

topdeals.biz

carmensbookstore.com

mayorii.com

viewhird.com

bharatcrimecontrol24news.com

sampleshubusa.com

molobeverello.com

nicholsonflooringservices.com

kidscircle.shop

771010.cc

poseidoncrm.com

liviafiorelli.com

flavorfog.online

xaqh.info

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2960-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2960-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB