formbook | 2020-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2020-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

151fafdf29f08ccd6e4ecc6a160ed30d
SHA1

9f9c3c5727719a07a0234cc6fa19c3dcc149ee01
SHA256

caa06a6f8cc963e3ae02a8488f21dda196bf20865c07d0fe1cd43f83a83514e2
SHA512

3b0ed428b8b8eb66eda1244036d6a8e74be65b34ba1ee2d12c22b4421896664407d07213a80e9680cd5cc6df24e1a9e98554ff135c80b153a21295d9645cabeb
SSDEEP

3072:mD1tEiYlJIPv3k6SGr32mJK0cRiz10FxZVaBVOpLgl8WI:09vkxqJK0cRc0FVuYLgl8

Score

10^/10

rat mi08 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi08

Decoy

mytimebabes.com

ycpxb.com

abdkaplani.com

cloudingersoftech.com

fthfire.xyz

christyna.work

3d-add-on.com

knowyourtechdeals.com

kcl24.com

sepatubiker.com

sunnyboy.live

zrbsq.com

rinpari.com

lesac-berra.com

yes820.com

cnnorman.com

mystichousedv.com

sbobet888auto.com

gawiul.xyz

luispenas.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

2020-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB