formbook | 1268-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1268-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

afca526baa3551d847835320444a4fdf
SHA1

9e5bb70f6648f5956d80bfd2019c7a3f59e16d70
SHA256

c694ac48d98534d80ff69273d6ee38f03a52b249e2320de730e9adc62ba1c1f1
SHA512

073542a6045a607bdca85dfb92438ac2cbd9ac6dcb338d37268f7a7fb19f5909617fa15350e6ee6be46ff6c262a1dd2c7a88332da908076643eff2cbbb1fb005
SSDEEP

3072:d2oYgkPN1Gbb8Mob3kEKC60UvbIuwnDOs8gtUWIo29CSNMZT411:428fzkLC6pvbIuwnDOs8gt1IxMFc1

Score

10^/10

rat pr28 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pr28

Decoy

warehouseufohighbay.com

kingasia77.xyz

americanoutfittes.com

jemodaevangica.com

holigantv82.com

creamkidslife.com

skillzplanetoutreach.com

goldencityofficial.com

choiceaccessorise.com

kdgkzy.com

patra.tech

chicaglo.com

9491countyroad106.com

theultracleanser.com

lesmacarons.biz

kfaluminum.com

institutodiversidade.com

woodanqnmz.store

teslabuyerusa.com

cityofbastop.com

Signatures

Formbook Payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook
Formbook family
formbook

resource	yara_rule
sample	formbook

Files

1268-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB