formbook | 1796-14-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1796-14-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

b59c029ad2e1aeff94480fe91cfebee9
SHA1

e7fc158f3acc03ac1108be3caf15cd90654e002e
SHA256

bbb3bf1deaef06ebae9bf68b949c63002b3c9c8f1f4693d8950daaee842c8928
SHA512

638619dac5f4b4f788590ad6f4a6f792b1aa06e0ebc5a112b7a75c7201c5273e0aaaedaf63816c0ad3428b424e58db12089eee3afccb0ad75cee4e7b2597430f
SSDEEP

3072:o/9sQc1gHuINe4Uq5p+Fnnx4q4guKBdLCrAfmw/RBCteAQrh:IDHwmpinaq4tKBdLyomMDFN

Score

10^/10

rat btrd formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

everslane.com

prairieviewelectric.online

dszvhgd.com

papamuch.com

8129k.vip

jeffreestar.gold

bestguestrentals.com

nvzhuang1.net

anangtoto.com

yxfgor.top

practicalpoppers.com

thebestanglephotography.online

koormm.top

criika.net

audioflow.online

380747.net

jiuguanwang.net

bloxequities.com

v321c.com

sugar.monster

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1796-14-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1796-14-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB