formbook | 2028-14-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2028-14-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

38b65b965ff395487e3ec480eec70c58
SHA1

22eee29432b559bd962fce55dc0f969238203f66
SHA256

f10a877a9ebb09aa500a3b259dc6d42ebc0b65cc826e5de4dca78a848eaf91cb
SHA512

4d2135ae8ee7c6a47947202d53ed8f0ae833b0031c90a6921f1591878aef4eb6d1cae7f6b87fea0bc0777909ca53defd048bbf54bca1a75d0dcdbc7b0687b67e
SSDEEP

3072:ZgkYFrIxVQHmrp6g4txvcg/YKxzadxepWnC02sP5iMxH4/w61ST4l8dINQe:lhxJx4tBcg/YwadxepWisP53xHeB1PNZ

Score

10^/10

rat b31a formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31a

Decoy

enjamin-paaac.buzz

mail-marketing-40950.bond

pusems28-post.cyou

hindo.top

ruck-company-be.today

asinos-deutschland.net

ewancash.boats

etdopovo.casino

rcher-saaac.buzz

871166.vip

manuel.app

g3yqo.shop

-9way.xyz

qawgytfexe.bond

iefi6834.vip

ental-health-35901.bond

idat-merkez18.top

rojectleadzone.website

lirudolph.top

migloballlc.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2028-14-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2028-14-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB