formbook | 436-77-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

436-77-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

fd19fcc50fbf4d8a76118dcc22bf2d0e
SHA1

14368d9e52c04389a447f575dc8783cea48507cc
SHA256

a44005693477d16701c26f432bf83c125a4a575d9cf0126b57ac714e748a4680
SHA512

69303e9f73710d4b85e7be39d39256b11cab011dd56a845b9209b73e4462591efc030887202bb5e923a2bd294db655e67cfcff048dd40de9b2a385a3f192e035
SSDEEP

3072:R+ZIuEH41kmDrn3GXjuT1agfH4go+Ez6aGke9WxihtLx1EhG:1/+3GTmagfHlo/4j7DaG

Score

10^/10

rat se26 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

se26

Decoy

xia-s-fashin-l-l-c.com

ig-masters.com

thenightcafe.net

unifiedsecurityplatform.net

pre-gen.net

electronicaekos.com

bukdhvz.top

kresdb.online

rupantargroup.com

thestarslab.net

jennysamuelson.net

elzimon.com

hobigames.college

uadath.xyz

servicehunt.xyz

dure.tours

riverofsept.autos

commercialinsurance.info

vseverybody.app

legendarylocs.life

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

436-77-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB