formbook | 1656-77-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1656-77-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

4bd43f11ac4effe6c735176be8c8a289
SHA1

034aa765715e5c7d4d2a3f929c18b3e0a5c94b17
SHA256

783462691ff9958acc212df4b619a1cc503d14038ce929bc6732e7f96df1742c
SHA512

2cab9749bca630136f6b78f0e64afef072e80e1be1859814131cb909984dafed948091bb0ebd7a9cd35021f67d3bd1f11510eb2eefa74c39c686326f80079c7f
SSDEEP

3072:96VEkUSgxZ2s2uf3xPt5pOSNbTztlHzSTvFQN+ia/vbqidCgt1D5jzVHnOT2K:Esh/fxVXbPtlHWm7gn5jzFOT2

Score

10^/10

rat sp32 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sp32

Decoy

trojnar.site

aegle.xyz

raicesconamor.online

helpusellvisalia.com

neverstopgiving.life

sikhitomax.com

motofisher.com

the-offplan.com

thedigitalintrovert.com

baledmund.com

myroomnow.com

digitalstuff.online

all-cat-blog.com

sanfernandovalleynews.com

robson-eilers.com

premio.pro

sundwelling.com

erpinstant.com

pekajoip.online

youmeandweed.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1656-77-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB