formbook | 1812-68-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1812-68-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

a18550a067b7d87987797d33416a0c47
SHA1

f80779875c5d6c0d5b6c9aa94a5b2c241b9b3d34
SHA256

0b215702bf9193d41563809eb3e6f4df304cab077cc582de8cc849a26b021cde
SHA512

139e6abeff689d3f29f0edb23af00cc40fb34b08b228306a3afea4490cf8ce67b5c587ba8ecbe4536cfa6c1982f1bdae27739e3f5b3c0ce4316bce3f81eccef4
SSDEEP

3072:Nrrck4TuwdBE33YHkOIJOrPr35GcfT9o02fjr/hAGtzHj:smHYEO8OrPT5GcfCfjrDpHj

Score

10^/10

rat gs25 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs25

Decoy

real-food.store

marketdatalibrary.com

jolidens.space

ydental.info

tattoosbyjayinked.com

buytradesellpei.com

61983.xyz

identitysolver.xyz

mgfang.com

teizer.one

staychillax.com

ylanzarote.com

workte.net

maukigato.shop

coolbag.site

btya1r.com

dkhaohao.shop

zugaro.xyz

boon168.com

xn--80aeegahlwtdkp.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1812-68-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB