formbook | 1200-79-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1200-79-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

833173736de07f9adf72701c65c69266
SHA1

e344d55428761ef2938d5c78ed1b66320fb7fc9a
SHA256

a88aec2dae15abe1a05ce34b862749c3be038fdf06b0978093aacb07ce942b11
SHA512

07af26cece218e15ab8727858fc0871b0b43094a655f0dae20499aec86116fd0317e0a1e149e28249eae27b0eb234896b28619c6fef39daef487b2f06617dc4a
SSDEEP

3072:PN1JksQe1oe13RS8qq1pasYUAhjSxC8TGWO2p23mCGhucg9XK:zVZRSPqvasYUEpAp22CYcK

Score

10^/10

rat mo16 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mo16

Decoy

rockshownews.com

incncrsb.com

hien-g.com

xp547u.icu

rvaporn.com

tikhomestok.com

meytec.online

beyondkingtutla.com

joseephoto.com

serviceready.net

dufujiuye.com

blinnopen.cfd

api-footballs.com

bajanauta.com

volvot.com

tusjencleny.xyz

zweitwo.online

guiadosexooral.com

soulintheroots.com

electricunicycleforsale.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1200-79-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB