formbook | 1064-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1064-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

c33d57a4f2098812e71f12f2f2f3706c
SHA1

cab017b75591eead62130393fe006b1f5186398e
SHA256

deebfd2aa9d82cd3b6e01d3319b3e6a8c01f7886ecfdfc592edc61cd5b1a2c55
SHA512

1d87818e599aea5ffc8c8210f5edd319fa00b40edadb9df8943efa65bbaa7a9fd31bf938800a3df1fa9ae7a6efbe936f9ed754b5af7a0671bead1cba933efb1e
SSDEEP

3072:t3cBFywEdj1MYjXLa/RvgkDZqNdpb9M8RAk9AS2zgI0pRxeP1Ll:+tWLaZvHqNdpp7CWd2z0pXW

Score

10^/10

rat h3ha formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h3ha

Decoy

ideas-dulces.store

store1995.store

swuhn.com

ninideal.com

musiqhaus.com

quranchart.com

kszq26.club

lightfx.online

thetickettruth.com

meritloancubk.com

lawnforcement.com

sogeanetwork.com

thedinoexotics.com

kojima-ah.net

gr-myab3z.xyz

platiniuminestor.net

reviewsiske.com

stessil-lifestyle.com

goodqjourney.biz

cirimpianti.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1064-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB