formbook | 568-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

568-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

9421846783420f567f347215e79fd5b9
SHA1

bee334c6aab53e296c1592073c608bd08360dd1f
SHA256

91e61c746d5b87a105169090c4e6c7ea8b9aee2caad071e378e9fbb9cfeb51ba
SHA512

abbd775337da85ae3879d1457f4a83ef2b0c3056526473e95101fe6f36baf33015f45079a6f28c2a8fde07721ffd3997475fddf165d6d7754b737d7cc7695ff3
SSDEEP

3072:RFKWUCke65KjOjBKgXlKvifdAqU9GeJCVFzoZG38:fNiculKvifdAl9DCV5

Score

10^/10

rat us90 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

us90

Decoy

1expresno.app

thepsychic.africa

burjbinghattitower.com

hotelurgell.com

goldenassistant.com

ecovod-servise.ru

kbjnonprofit.com

dope.trade

babylon-it.net

dsatyui.xyz

myexpertisebybbl.app

2185866.com

inboxwired.xyz

lamy.life

gic-invest.info

eliteconstructionsni.co.uk

lamygeo.com

courean.space

cremation-services-75688.com

fapearte.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

568-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB