formbook | 848-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

848-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

cfeed53e10a3e54face8d320337100b7
SHA1

e20de9dc1799524b9a435f70f427204fd46dfab9
SHA256

411c4521b0d91e613922b2da017fbbd85888189cfeb0d27a01dad41b89da2cd0
SHA512

fa692588cccea682d0c7ccb944d469e426a23b80ffdd871427bfb7b481f116a96f665249691a881bcf7319007053e1fb86276de5d004994e4d21d14b7d951c31
SSDEEP

3072:nK/BykJK/z8J03H3tHW3aeXskipMnq6ZsQVThoS1HOic26O:S5aHdH6agskilUsQ5h3hc26O

Score

10^/10

rat vo84 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vo84

Decoy

laurenciavachulova.one

sabuilders.store

masxot.xyz

matchfail.com

suararakyatnews.net

kykm.rest

richardsmartinezh.site

morehouseweneedyou.com

depressivepawnclub.xyz

yenilenme.net

allhiejralstore.com

9993808.com

sleepshastra.com

weplay-classic.com

propertyofpalestine.com

onirica.club

yohelios.com

fcorruption.com

tongdans.top

richmondmassage.store

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

848-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB