formbook | 268-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

268-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

0ad61f35e2392cddcc25987ffd0757c3
SHA1

35fad6b23fa4e5fecc5cb3a26d310170782a6698
SHA256

f67798c84ca26b9286f6a8f03fe9f5e1875616789de2f4a0e964e4d48e104f46
SHA512

510f4a02b0f73fd6a668ce62679202208a863c0446ee9c8b891e93c844e79d282fec4117d32ee1ae62c3525f72a3d2b2203f08974e998a45a4482cd3ce6859f7
SSDEEP

3072:MvcKNG8E11C6YVIu331anQzzaXqPzOOZy36OWQ8sSCxVCmif6:WNGvKeI3MMzaqPzO9tECxVef6

Score

10^/10

rat a24e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a24e

Decoy

flormarine.co.uk

theglazingsquad.uk

konarkpharma.com

maxpropertyfinanceuk.co.uk

jackson-ifc.com

yvonneazevedoimoveis.net

baystella.com

arexbaba.online

trihgd.xyz

filth520571.com

cikpkg.cfd

jakesupport.com

8863365.com

duniaslot777.online

lop3a.com

berkut-clan.ru

lernnavigator.com

elenaisaprincess.co.uk

daimadaquan.xyz

mychirocart.net

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

268-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB