formbook | 832-75-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

832-75-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

ca92657bad3934d7faa114de85423131
SHA1

8d8a0da60469d069169313f66e186e1ce603a858
SHA256

355316413ef356e4e4bf1d5bf33dcb3556c0339a89f363ee55e957017b313041
SHA512

3cdc2c79831f275a4c50134b9d42383b13558495fd03561f2e14eb28dfe1ad42aa4f27dc0e7c1b90515351642140ab39794b7ce3328147cfae9eaec5ebf8403d
SSDEEP

3072:D1ZckNQExOPka23NiM4h7oIqSjq8OAqxRAmV/7p5oViVkUWAq2S:UEMgNTEqSjq0yJN5oWkyq2S

Score

10^/10

rat s11n formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s11n

Decoy

ugokk.com

webglobalmart.com

giapponetour.com

ericdhaun.com

sewozy33.com

bgw.info

montakcha.online

rayrung.com

thebranddesi.com

liamba.fun

whatismyipaddress.online

ggg9z-a1bzgkze.kred

greatowlbooks.site

sz1992.com

coolonebr.online

xhs782.vip

fizzell.site

dwpato.xyz

pelicankids.store

gopensum.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

832-75-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB