formbook | 2036-325-0x0000000010410000-0x000000001043F000-memory[.]dmp

General

Target

2036-325-0x0000000010410000-0x000000001043F000-memory.dmp
Size

188KB
MD5

64b53cbaa8abc23c924ec9743f5c7f94
SHA1

b520538546d600c5adbaef1ec4b4475c0f5cfa37
SHA256

49b9541579472941660fd32249fc2a19c16678776b8bc07cd90fc54fe63d682d
SHA512

a69ce872482592e203bad00024a29c181b0a8c840d3c69548f62a6db7aea3279d8056560b358686ae2f4e6201d62f58fbc0f3e9990696d8bea6d89e230b57783
SSDEEP

3072:5ajhMPF1hQXXOoow5hfVj2celirjfT9SchQghG6uK/SZSsP0xNM0Fp2N:MMvJoow5ZxqorjfT9SgY6uGDsP0PM0Fs

Score

10^/10

rat kmge formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kmge

Decoy

jia0752d.com

cq0jt.sbs

whimsicalweddingrentals.com

meetsex-here.life

hhe-crv220.com

bedbillionaire.com

soycmo.com

mrawkward.xyz

11ramshornroad.com

motoyonaturals.com

thischicloves.com

gacorbet.pro

ihsanid.com

pancaketurner.com

santanarstore.com

cr3dtv.com

negotools.com

landfillequip.com

sejasuapropriachefe.com

diamant-verkopen.store

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

2036-325-0x0000000010410000-0x000000001043F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB