formbook | 1560-60-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1560-60-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e7d0113509d3c4bfd154010940979ed5
SHA1

a6bee849376890bb8c91cec5bc3f5d1240947bb1
SHA256

aec1d6a3a3c772fcfd849b719c9e36bfa9004192ca541690ae7d238ddc7e4b5d
SHA512

ed42ccb4670645ffa8cd801dcdc6f7ea708dc79f2db9aec3048a5694ed3236b0ebcf6ff5b14cdff54530d22311c248c4b2f4c0c231da9893508a2ad79c9a7dc9
SSDEEP

3072:W5kEeR41LNNvpRGIKuezbUTFcZSZr6vb:nwNv7ZKuezbE6D

Score

10^/10

rat bge6 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bge6

Decoy

masteme.online

biomatrix.asia

besttractorsubsoilers.com

alkiclean.com

comex-tv8.com

thetravelrs.com

kamsservices.com

bow-grip.com

kissimmeekickboxing.com

furniture-66310.com

rayongtoilet.com

therobinhooddrayton.co.uk

ouhall.club

lottify.online

sellmyhomeswfl.com

bsebofficial.com

yemron.xyz

yuvarajagencies.com

thedenvercenter.com

ashfordazure.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1560-60-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB