Overview

overview

10

Static

static

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    528-68-0x000000000041F150-mapping.dmp

  • Size

    369KB

  • MD5

    a35f14d55c5e85a871f36d7dc311ec97

  • SHA1

    bb3ff46ed3d8a4cecdc9b68e2033e15b73c15356

  • SHA256

    23676e378ccdf5ae3ac2eb673ad14fca9e3802e67e534f1b9c3b6a2a8cdc6aff

  • SHA512

    32e0d7b14856e19a2d81db3b1ba33e5ee60511ba5ea8d40fb531f0159496849391555b7a0783a262d7a9163bf9ee93cb34d9ac999cdf248121042e1c760e2959

  • SSDEEP

    6144:rSNCJZsqbSEvXc/G6TofkhPKNCJZsqbSEvXc/G6Tofkhn:FJZsoXc+xshxJZsoXc+xshn

Score
10/10
rats92nformbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s92n

Decoy

granlogiasoberana.com

roblox-so.com

buycarsonline.fyi

thesaleworld.com

laterlifegroup.com

lov3stia.com

frdgg.cfd

businessllp.com

margaretsbeautifiedshop.com

123bet.store

sadalagran.com

psychedelicshippiez.com

bonitaspringskayakrentals.com

thorsbyinsurance.com

visionauto-int.com

k3cosmetic.skin

ilogtv.com

one-big-yes.com

houseofmorrow.com

pisigranjariogrande.online

Signatures

  • Formbook family
    formbook
  • Formbook payload 1 IoCs
    rat

Files

  • 528-68-0x000000000041F150-mapping.dmp