formbook | 980-74-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

980-74-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

83d221b5965e4752a984f1921fe37bac
SHA1

a5d242fefd763b2252400dc98ebe9e48104cb6f8
SHA256

f84431117c3952b8d94822fa8af58dfea32b673f261b4387b819beda58418d73
SHA512

840a4463770fda8b1cdc1d72c3044d77afca4384410bdcf9754c682c47116b2714d4921c15be870c3771fd45fa1d94330b8e85403b8c4ebfa2950d627eb33d5b
SSDEEP

3072:SWzhkyOn5UHUg35M9WQBrq/VqUGZ1WIxq/u9+CALpgaS5s01u9n2:jp0u54Vq/VqUGXWyqm9aO000x2

Score

10^/10

rat n25n formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n25n

Decoy

counterblast-stately.net

anhuiluan.xyz

searchscrealestate.com

ipfsvault.com

q2307.com

doingout.com

empyreanaudio.com

defectivehomes.info

intlword.online

costumeking.kiwi

backachersalpacas.com

kellysheros.directory

mtbscecure.net

realestateprogression.com

shengmimama.com

sdftsb.com

ghafouli165.online

effexorbuy.top

flipgrill.store

nevadatechhelp.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

980-74-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB