formbook | 2040-62-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2040-62-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

1cad4b87a8098d5c0c0aae71fa1e088b
SHA1

5f84145d06326c717f66a145fb63090fa63d79cc
SHA256

4122f9a480a44b52d07bc1e8b42cbd686d1dd4d23c7b0816eab38b29baaaa3c7
SHA512

c244ddab8e48642cb2f07041c8ca53661c4ec9dd6f1479bf9b3e00d61661182032737175c8f9e07543c668b9f615725cb7daed1fe3b87e8de7b9ecc1ec4214ed
SSDEEP

3072:hcb6E9QXRD1k3xWyLr174W3TJB5p2fVImq3evDwvEs:0OKxBF74W3TJavq3evDw8

Score

10^/10

rat gg13 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg13

Decoy

sunnyislesbeachshul.com

odysseycigars.com

phootu.com

avitosan.com

professionaldefi.com

japanesefruits.com

altheasuiteterminal.com

darlindarcys.com

cremation-services-80353.com

thepropertyoutle.com

5gotodayy14.com

hyvr.info

thedoulanoella.com

mrtilefloors.com

playerdove.com

eaglexeye.beauty

plevas-meats.com

ababtours.com

intlbase.com

purplenet.win

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

2040-62-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB