formbook | 552-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

552-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

b999690444527ced815712fc2d7d613b
SHA1

f6d6b7910ff258f012edb2a79c134d4f491a8cfe
SHA256

8fd5bf9cf251ac032c1a0dda1ad58a9e6f45c6e5123fe241b45f3144925a8a9d
SHA512

cb461080711be2a9712ce27c952b36c31cde629098dce99efa140e58823d86644288c8204634ec0dad2447f6ce9601b66e00631dfd3dd4bb772855485749d6f5
SSDEEP

3072:cCzGF4VPUHH3jitJHu42GISdLVRKuNVEmcQ3kcE/k0r0CjUH:rV8GLu4VtKuHEm98vrFjU

Score

10^/10

rat g2si formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2si

Decoy

joshhawleyisabitch.com

clubterpellm.com

informacoesedicas.online

luxury-watches-22868.com

dttqy.cfd

shreevedcity.com

youtubemore.com

oimetya.xyz

capiltd.com

jifeihu.xyz

americapitalcreditunion.com

bliinspections.com

bmtiyu.online

informatoetutelato.com

certifiedbuilderoffunnels.com

britanniatimes.com

mvloqpcuht-7418.com

ryouri-zyouzu.com

xarrel.com

laptoplike.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

552-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB