formbook | 1600-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1600-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

8a4076bb02567c6dca42ef9338c41dc8
SHA1

1a56b3184458619ef9a551b09469db89fa2aee11
SHA256

203d5180094186f6c16a599e06388d6b5a09f922f17fc8346124db9ecf26ea80
SHA512

62b0a212cb4855b3ff3f6e2137e725bd7e7cb9aa7f209dc1ac149baffde27e99b28cf745966b3150e56e44d03f53f9a3ef790b22997ceb19a5e163253a567ef0
SSDEEP

3072:bhdXuiZkeQphdTsox3B0H++3qv4c0bn6T1SBOwLB0PWRF:1xSftBCN3qv4c0b4sXd0S

Score

10^/10

rat g14s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g14s

Decoy

highnessmagazine.com

mokeyshop.com

remotedesktop.xyz

bicielettrica.xyz

addoncarzspa.com

ironesteem.com

asset-management-int.com

newportnewsaccounting.com

seriesyonkis2.com

hhivac.com

shrmgattlnow.com

yangzhenyu1.xyz

prettylittlenail.com

phyform.com

fggloballlc.com

gamecentertx.com

apriltoken.com

agalign.com

jointventurecoop.club

pengqianyue.tech

Signatures

Formbook Payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook
Formbook family
formbook

resource	yara_rule
sample	formbook

Files

1600-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB