formbook | 1760-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1760-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

9dca975456433881ccaeabdacf901e30
SHA1

d26b47a6cd6c194dc8b49bd769a9893241f92d87
SHA256

8e523dd77c22291908c3ae482ee3a0fbfd2d210e88e8fa057709b0ac4c48b4c9
SHA512

deaa75d6922f4b1e26bc26d51ea191d5507ab06882352e126516ed5f322d90e17b596ad163aa943a88c88bf05c92e2f6b4197af9a9199b745f2402d87950951e
SSDEEP

3072:Ow8igMFdv/cGe1of1J7VEB2I4MHqhpaoKF3KCf1eqw13yc:CI/zbVE4I5qhpar3Kkjw1

Score

10^/10

rat cqrt formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cqrt

Decoy

fastingbrew.com

mdly715.xyz

july5thpatriots.com

misterbeimusic.net

westernslopechiefs.com

adnanaslam.info

jennissupplygroup.com

llknedlnxvzy.com

mdqjln.today

grillerestaurants.store

rufous.rest

916593.com

xnaoei.com

data-tize.com

9299thapartmenthomes.com

htv7br.com

lawnmowinghub.com

uroafura.com

patriotbeadworks.online

xn--kbrv4kr9humg2qc.xn--io0a7i

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1760-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB