formbook | 580-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

580-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e95f026ee4e4a51ce06988684fc018dc
SHA1

60fb67023c01741b090b05b04727f045037e66c5
SHA256

0d2bf98e298399166fa4d7086950a2b9951c4de2c80177af37f9e115f6e57493
SHA512

d42951a4affedc4e25697df330cddb87d17ee026b4695fbc35c0bdcb585a14731124391f42d19c1b5e8408404a8395e3280e3119b6a9c4711f20486d727b6d88
SSDEEP

3072:wf8YwcEDDHlVPm3ORZLI6NgXwERPl9fbDtZe3FfeRKg7CzaP8GEm:7fQOrM6NgXwYfbJw1fYhr8GEm

Score

10^/10

rat d10a formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d10a

Decoy

tprgamesslot.com

1wautomarketing.shop

jnfc.bar

reelestate.info

coolvenead.buzz

am2pmconstruction.com

casasbh-digital.com

kmzu.info

magabestonline.com

evdirect.net

utaxi.app

gamemakr.tech

klsxofficial.com

qfaw.mom

bwchosting.com

joseli.xyz

carnelianintimates.com

manarnews.site

axacpe.click

pinupmeals.click

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

580-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB