formbook | 1776-84-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1776-84-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

6f49668454f836bf955184b5c406affc
SHA1

c7b6a5147ba07274c4d5408de41ee999e1d5a41f
SHA256

bcf719126971620d49065789d7d7dfe2a0d2badc6fb0139e0efae1e18ffec440
SHA512

afcb29ebe296b327f8cde606425ea0e21044c4cedd52d73b7f5c292a5121689fdb3811b65216a9fe14d7fc4b2c223768b69d6ace29fdfd48f8c047002c29e199
SSDEEP

3072:UYKB4kFKpU1PJ3fzLAvtLmqP376YQdySlo0d1C/4DE:Vgd1fX8mqP376sSlo0Xa

Score

10^/10

rat dy47 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dy47

Decoy

tjwya.com

wevlong.xyz

f1frenchgp.co.uk

thegoodone.online

stylincycles.com

turhit.xyz

snowdoncampers.com

aaecobranzas.com

zdspgc-pagadian.online

bmstech.us

qifeitm.com

oort.tech

lveworld.com

thenorthside.online

vinyuup.xyz

asdmojs11.website

clickreels.com

smithshade.online

daveswingznthingz.com

homefrontfishing.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1776-84-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB