formbook | 872-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

872-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

a740ba7260e466edda4198388fd31a0e
SHA1

9a410f3d26065788bdd2f132e089f73640601e66
SHA256

c18b8507f08a4cf285d6d1a9b918026424381b7aa93a737544de3f7eb0db21ca
SHA512

9d8904abf8a26147d98ab9f67136b620c829bd77b99f60a1d03a670ad91e87249f0708d22af02e69c56e0a1168a670667c8af79622a5a507357819876d7f4c7b
SSDEEP

3072:MFJPOkA9m4st4r3qkFa4o6jeD79Vk2sHtNtFEKaEKTPGg:R9pDqk436jeD79G1hK

Score

10^/10

rat ey84 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ey84

Decoy

agencecapture.com

ky4149.com

thetherapypractice.asia

serviciosemi.com

tprhddxvn.buzz

prompttransport.net

tuv39.site

swd3.com

arti.fun

9kriketnp.com

prozoriy.fun

locphatapl.com

impactxp-dashboard.live

sponsoredoffers.com

buy-used-cars-sa.store

crown.football

jaeralintel.com

rapidguides.online

creaminthecoffee.com

makkaa.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

872-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB