formbook | 1064-71-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

1064-71-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

3a18da74e2499266f1711f610a396280
SHA1

351321e1edc00bdaa00a767daf9cbb6a8d470445
SHA256

85b9618213a7c347ade61f0bea0d3503f9f84e0868fbdcaec7d3d9ca9fdff727
SHA512

c537af121e61d374f43bd3f4e047b213dda9876f9f0e31fcbb82eab50b905786260fb89f89031810e908a5df9d61195c6064f9c038c8ca5448b4d4ed6828cfda
SSDEEP

3072:20Je3zkmJyKWqtud3cyeYtNFrKKbuNHPShiK7Pmvn5eJhowsvlEagID6:25HxARctYRrKKbuBPSIKjmxyJb

Score

10^/10

rat d06c formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d06c

Decoy

douglasdetoledopiza.com

yxcc.online

primo.llc

mediamomos.com

cosmetiq-pro.com

22labs.tech

turbowashing.com

lindaivell.site

princess-bed.club

groundget.cfd

agretaminiousa.com

lomoni.com

nessesse.us

lexgo.cloud

halilsener.xyz

kirokubo.cloud

corotip.sbs

meghq.net

5y6s.world

weasib.online

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

1064-71-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB