formbook | 948-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

948-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

b44144a5fc3f4aea0fa24d02d0f2be2d
SHA1

6bf07702066d817730aa92ab418b54b16d9fe91a
SHA256

ab4af57dc3ccdbb721db6137cf62cdb614ccf26f6c233cb00331ed6a4a8e4ac6
SHA512

61d03ec0fbe44be83a1f32e4d0833b49be1b05abcaa146009f45f5f28fb0f9ad999d04882e64349e3cee11cdd5f761688c39f3da3b575b51ec56a17379ec8687
SSDEEP

3072:mD1tEiYlJIPv3k6SGr32mJK0cRiz1wFxZVaBVOpLgl8WI:09vkxqJK0cRcwFVuYLgl8

Score

10^/10

rat mi08 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi08

Decoy

mytimebabes.com

ycpxb.com

abdkaplani.com

cloudingersoftech.com

fthfire.xyz

christyna.work

3d-add-on.com

knowyourtechdeals.com

kcl24.com

sepatubiker.com

sunnyboy.live

zrbsq.com

rinpari.com

lesac-berra.com

yes820.com

cnnorman.com

mystichousedv.com

sbobet888auto.com

gawiul.xyz

luispenas.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

948-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB