formbook | 3184-24-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3184-24-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

57f385f06ef1ebe16da3ccc1179ec207
SHA1

b1778ad79734b9da8224ec9d71e34e1268d3ca35
SHA256

7092a1b45b54906b89605c6b7ba05a7220f8f68d6bc0b0227cfe85c70753d8e9
SHA512

ee531aa20df911470ec8f048ad79ce49fa8d2a47884b67c23b74485a383ba668cc3dcaf4c9d9b7b60c042985f26e2f7976e0adc46ab01b8eb3ca9ccbdc8c7bc5
SSDEEP

3072:A/XHSFrgvyRJ9Q0WzurZWol/1pfPIgYsjvX5mJhhmZ3Ludewd2jXHIyl/h:8/vRhur0ypfPI5slmodLu0NXo+

Score

10^/10

rat bi14 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bi14

Decoy

ilansocials.online

rishticodiegfortyseven.online

ostase-ba.cfd

cinema.tech

omprasyacol.store

esir.shop

umhyal3gvbpl.xyz

lurv.wtf

aospin-sms.xyz

itness-apps-workout1.sbs

reshcarluxury.shop

3xq3.cyou

erraceheatpassion.lifestyle

octurasys.net

ilyrug.net

yj889.xyz

railertof.net

4270766.xyz

sduoduo11.sbs

oeboom.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3184-24-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3184-24-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB