formbook | 1204-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1204-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

b7bd58e0e83b7c048f7f9732d7271328
SHA1

818764a48250b7c212d721ee335d8826982d675e
SHA256

b349f4a7172c2b7904ca946b522972e7f1b727e3c29e14ac989766e06dfa75af
SHA512

9c458cf689e830b3c35a9749692c51e72e4dac1c4d937147b785b8ae093b4a9ab6aa26dbc5b7d5b175edb576816237f5e98d38aca1650621fb6b333897d0b26a
SSDEEP

3072:RhtEi4FnWtWuv3mOhtXT9OZ21TBf2skhXk8+QS38pg1YMfK1WbMJiEXmng2eL:I8vm2VTgZgVf2skSQOt1YMfK1Pm

Score

10^/10

rat oy19 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy19

Decoy

ultimateinvestorscript.com

pawstothepavementnj.com

cutiesnapadventures.com

karansyntex.com

hotelsehrama.com

tourismemail.net

luckystc.com

wwzyt.com

97k8.icu

bitcoinboz.com

viajesclick.com

maindns.cfd

hampykostore.xyz

aurabrewing.com

leisure.hair

velo.events

hsebastian.com

kominka-japan.com

mes-limited.com

threesixtyland.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1204-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB