formbook | 2568-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2568-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

5bbc10b514062bbf1adb27c3d79e7c9f
SHA1

798d3d15fbe1476cd705bd181a2ca4c2d3189601
SHA256

7d2bb9642121750d1a02a5fa8c611362d52ce93b2fb122ac9589ca88c4bfc0d8
SHA512

fd8f215a02f9850702ff9477c6be0b26cc423f0d09a786133096f0862b978c0ca8bd580889343578c20c3f476b18426a9bda56f4c4f56665c3d9b4fd42bb8916
SSDEEP

3072:aih/EQRP/alVa3rm0c0BTqictf+gD6FPj2cY261C39M/XNK6E:h+VcrXZqictDyk261C39MfNS

Score

10^/10

rat be03 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

be03

Decoy

458q14v4ams2.com

priceoctopus.com

betinplay.xyz

bcnd.xyz

1510soliveavenue.com

mcdpropertypros.com

reddcrownexpress.com

rewardlabs.shop

burenbrand.com

revand.io

tractionendurancecoaching.com

jotaerreshopp.com

shopboyg.com

dakor.shop

groundswellmag.life

nehagadodia.com

dancarellibizbroker.com

meconline.co

ttmq.cc

thegoldenyouph.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2568-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2568-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB