formbook | 276-60-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

276-60-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

8166db7514ef4b168373c813c6f032d6
SHA1

2d9f1a2ee66734ec2b62bb3e0e7aff18b452bcaf
SHA256

cda52e3c2a0eddaa8c6c6bba012962c50ef15a2fb8f53425c45929f677af0d6f
SHA512

64debc5ba67a675c146bdab722dd775ed9d0b44f1d4a5bf7bddb20b70272531fe71182a52b99c70e8501f0687fd0048f0313e029cb373dc50d62a9ced4d99001
SSDEEP

3072:6KpKktx/p5hm3KB2MmbGqbLcykhYDqYxVzXerDcQvM6wYOx8f:pvQKoMqfbLcykhhYxVzXADpvjS8f

Score

10^/10

rat p205 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p205

Decoy

orderactivgreens.com

quickshipfloors.com

planetcompression.com

deluxparlor.net

heartrootspirit.com

getmoremail.com

ourbranch30225.com

louisvuittonsmen.com

heritageshore.com

7336m.com

nationalcl.com

elluciangovernmentcloud.com

youniiqueproducts.com

stlukesparkcity.com

dundeemrc.co.uk

homecheck-in.com

vintage-charm.co.uk

empreendedoranatural.com

fineduconnect.com

nvcukipj6.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

276-60-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB