formbook | 584-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

584-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

976dfceab999a20be4f736298d21c9d2
SHA1

252e6e89acf9e2d9a47af5720027a7e3bed3ee5f
SHA256

676137158fbf30ecbc17cc0348fff0b600ae665b9688e833b72de3bd82ce426d
SHA512

be82e11bec7643920d8db5910495baa309547076e26b3b58f1d4ea7911d12af6c2709214088ace21640e862775f1c9cd24d624fe2dbb56f7ac02586afc8b38f0
SSDEEP

3072:FnJmZFZJSDw5TbnNLgxRzBQHHa2Ubzf+7EBz8QV9S1BCNDarK9+Dcvd7O:ZAbN4Rzembzf+IBzxaBgvdC

Score

10^/10

rat f9r5 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f9r5

Decoy

teknotimur.com

zuliboo.com

remmingtoncampbell.com

vehicletitleloansphoenix.com

sen-computer.com

98731.biz

shelikesblu.com

canis-totem.com

metaversemedianetwork.com

adsdu.com

vanishmediasystems.com

astewaykebede.com

wszhongxue.com

gacha-animator-free.com

papatyadekorasyon.com

mqc168.top

simplebrilliantsolutions.com

jubileehawkesprairie.com

ridflab.com

conboysfilm.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

584-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB