formbook | 1296-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1296-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

539e287e2c404a08ac9ed0749ef9262d
SHA1

dedee29e1f05b7bc9d6725ded917724132dc2a75
SHA256

6ec4d5218f5fc900bca3f8c2364472e16f664e04633e636b11911c453c3dd92f
SHA512

c693a91fbbe99a0b0a113664642951a656df896ee2ef16d3655937396e888e167cad2affe79e410be33f3c8947a1d40d3fa514553922668c12994a048806eb80
SSDEEP

3072:crsoxzTkc1cMvYr3gdBlaqZYUIt1PuJOPgCWUyQNXh/eBTOe:ouDg/gqZYUItFPjWUy4xmBZ

Score

10^/10

rat sk19 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk19

Decoy

21diasdegratitud.com

kx1993.com

chasergt.com

837news.com

naturagent.co.uk

gatorinsurtech.com

iyaboolashilesblog.africa

jamtanganmurah.online

gguminsa.com

lilliesdrop.com

lenvera.com

link48.co.uk

azinos777.fun

lgcdct.cfd

bg-gobtc.com

livecarrer.uk

cbq4u.com

imalreadygone.com

wabeng.africa

jxmheiyouyuetot.tokyo

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

1296-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB