formbook | 2024-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2024-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

25ef0943aa2ed2d0a4cc37d8f1c4ca0a
SHA1

24eaa11f801196ccf35053b4279572e082d5d57a
SHA256

8c485c6db57dc4a4c3fca671f226dbe835ac067b951af218ea69174004e865f5
SHA512

8240e02eca43612739c1d9e250d72d294d27b8276ff218d8dc27a7f98c72b91019096c828ab7fd606ff372cf7b721af55dd79b4cda053910b04b17a78f6e46cf
SSDEEP

3072:tkyKAkr9/cxNHa3kf1t0zycUarhn9SsfJ6rPhkdZWH1nX:EScktt0Carhn9Ssh6twZWV

Score

10^/10

rat cy35 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy35

Decoy

anfomakina.com

samruddhabhartfoundation.info

luxgems.store

tencstudios.com

prosperitycpr.life

fauxroofingproducts.com

adjoinsquirm.sbs

zjdingfeng.net

ellaboratorio.xyz

cobalt.church

dqjintuo.com

radiocontinu.com

sdelajtort.store

wypr.xyz

invisiblegoliath.com

keywordbranding.com

blackopsconcrete.online

17wow.life

fontaneriajccaballero.com

huseyinyarici.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

2024-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB