General

  • Target

    1384-64-0x000000000041F1A0-mapping.dmp

  • Size

    369KB

  • MD5

    6e95541f6203f26b4d0e56255eb61de7

  • SHA1

    f758cdfc6286321e1bf3a6686fd1de61f1b3d316

  • SHA256

    5d546127961de365409db165975a1214dff43b4965911e1e6c41c66205b9b55d

  • SHA512

    f1f3ae0a07a950a90942a89f901dc3dcf36e8c6828fc32c7cbe456574138bd67d7f221e1216a961bc249e0dcc69beef701997ed7e99f418be769e6768bd34d4b

  • SSDEEP

    6144:RvB8QL2O+W7nBFKT60xy5ZF9tvB8QL2O+W7nBFKT60xy5ZF9t:Rt2O+c860S9tt2O+c860S9t

Score
10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

os56

Decoy


Signatures

  • Formbook family
  • Formbook payload 1 IoCs

Files

  • 1384-64-0x000000000041F1A0-mapping.dmp