formbook | 1972-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1972-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

add905455fc8896bd87f4af9d39e4a45
SHA1

2c423b38cac4f4e8213e359ab55071b50a6cddcd
SHA256

7179b0abf67dd5850b7ae92f93f542c01370f6255ba78860eca44f3a5ff79303
SHA512

4036f822e54346d2ea2ff2c0c32f355512713c66aecd54be2f250cea756d88478dea298ce797bea2269e2dceb75a9f6c21ced8a1a11995a603c9b8cbe0a06910
SSDEEP

3072:xO3aqFrfLbrXEfvNofIcwXhGvlUJUbsdliqpyct+OtTsy9YXoiV8:MakLe8IcihUbsdlscUIsy9yrW

Score

10^/10

rat ndgi formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ndgi

Decoy

vuicotvxrejp3il.xyz

w3fa6.net

sappuno02.com

konstruksirumah.xyz

usalifehealth.com

and1f.xyz

atenmentfstinfdow.beauty

primepipe.net

roundhouseny.com

alexandermcqueen.icu

transporteavalos.com

spankmetaverse.xyz

jhccowholesale.com

bielefeldgebaeudereinigung.com

saintraphaelschool.com

larifaa.online

dejabrew.info

izabelaeraphael.com

granniestoneet.com

greensourceseed.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1972-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB