formbook | 1864-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1864-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

183b0603469dbb1dabbab1343c8eb06c
SHA1

d7fc98bb02438232372caa97245fe96ab8da2fe2
SHA256

f0d0c3ba388a260481a1abdfd65ad1569a0502c34f4630558d0f69a53b22ba5b
SHA512

ac48830cc95e0db0ebaf4a4fe17583449cb9f98a5eb6d534ae8416709955896fdc5c685b2b2469e9d6bc643fc554b8d6ba39f0551a3cf19a7fd020d887542075
SSDEEP

3072:jiu+VcDkYKad653P43SusobC0qn9CAbS3LE0b8EoAS22JWF3+L/:jAHbP2SDqBqn9CqSbEcLoAS24kuD

Score

10^/10

rat cy28 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy28

Decoy

100049723423.review

lovehealthcare.online

immuniversity.info

ihproductions.net

originatorsu.mobi

shxwjn.top

fivemeters.com

planettiki.site

berantaspinjol.online

oregonusedtrucks.com

darkstarkoi.com

izmirhaberci.world

41014.top

georgiaspanishgoats.com

dealstopstartups.click

ravmodeling.center

unsundayjesus.world

initialslash.site

shubaola.top

caserevision.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

1864-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB