formbook | 680-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

680-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

af7bcd1ffe605e4d42e07f2a1b8f8b96
SHA1

85573aa7d045c1931edab148043b5a640169fcec
SHA256

06aa27329d87f232684d6fe4607c80129616913e107e86a11c3b9e85191d1c72
SHA512

6744f1654550045b3f21404762d003dff81bf5aa2b8dabc7e7f849f9c492994787831a66cb8091cb93dd9e825906c086bb53bdc80c6036f423b1d107471df6f5
SSDEEP

3072:40ZitFxQYFl8a3oKViDB3Ozp9q6tk8b0srEtZopJOrSxC0Fbb:b7yXiDNOz+6tk8bdYtmyr4C0Fbb

Score

10^/10

rat he2a formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

connectioncompass.store

zekicharge.com

dp77.shop

guninfo.guru

mamaeconomics.net

narcisme.coach

redtopassociates.com

ezezn.com

theoregondog.com

pagosmultired.online

emsculptcenterofne.com

meet-friends.online

pf326.com

wealthjigsaw.xyz

arsajib.com

kickassholdings.online

avaturre.biz

dtslogs.com

lb92.tech

pittalam.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

680-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB