formbook | 4280-207-0x0000000050410000-0x000000005043F000-memory[.]dmp

General

Target

4280-207-0x0000000050410000-0x000000005043F000-memory.dmp
Size

188KB
MD5

98f8bc6b56dafa87ef8e79d321442eaf
SHA1

f3314656dcf02729a104bafaec834f242e558d91
SHA256

0b47bc9f845c854c4a1e74c6a19be7911b9f0ca2f587fc72aab2eda5ff8e8937
SHA512

d719d5e783becd794a7d39aab04e166e0f2c6aab77f12b12d7fb5ceda1386bb6b6e175d383b9afed784ac4d22f700b8a7ad315cfc2dbe252cfe0f19065eddb0a
SSDEEP

3072:D+DrE3lYZNB269u3eGh7VfJbzGApbOr8l2xgkdIqr3tD3:Dmx9IeifbzGApb6HvdIqLJ3

Score

10^/10

rat ee27 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ee27

Decoy

gasimportsfiles.com

hospitaljobsindia.com

mymortgagecantips.xyz

yourenotalone.world

livethejesuslife.com

sobernv.com

bobgruber.online

badu100.com

id98qq12.com

naturalex.co.uk

metathrillrides.com

blessingstowing.com

juddsbarandgrill.com

qrcodemania.com

haodaculture.com

obot.xyz

soupmortgagemark.xyz

top-road.com

xiaoterv.com

madrstyonline.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

4280-207-0x0000000050410000-0x000000005043F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB