formbook | 1060-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1060-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e8436b00a1191e1f47d813b6972cb719
SHA1

02d934473e83888f83569067fcdc90ae0de36800
SHA256

b9b69f120a683366119c23a64194c6e40c370a224414d2bcbb1474d5c104d430
SHA512

d055769356fbe976ea4ddafd7296c355bd9f0e0d61adc95a8e447848af2176ffe5d0191df9ea9f2b78bef4027d4075e17d770a2661b0f800ba944921143ba0f9
SSDEEP

3072:2yQkEUiBjnDC3fX2ZJwr/yrN202GyWDhIyp25V5Gdr4IpNR32eWjFDa:Xy0fmcr/ANV2/WGyp25edrHpN9L8D

Score

10^/10

rat ft63 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ft63

Decoy

kontadocl.com

aldonsupply.com

heirloomtreasure.com

lojadeteste.online

huyy888.com

brandten.club

learnmanualtesting.com

elginworks.com

laurasells239.com

deathmono.com

aflora.biz

bnbpromarkets.com

parhitproperties.net

wavemail.africa

kolagaames.com

hunkygifts.com

anyprofi.ru

byhbcf.cfd

lonaturalreviews.com

fiduciaone.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1060-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB