formbook | 3184-138-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3184-138-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

609c949f1ebca9918d70ff21944fb3ca
SHA1

7317cbd029a76c5e4598cfcb28e367bf9c41295e
SHA256

7015d6539369ae8badf9fd101c1d321db2f4909da2c11c9671d5b1af87b4f072
SHA512

5edf7b53e44a215ea54117a6c39dda87865832c053985c3d29f7d3ae6284207fe58944080a57070095b14298a1e30161f2b2066ac398029bd72c0ff3aa2cf3b3
SSDEEP

3072:vj8QEkE4BRltk43eeDVohHBLeJ61X+iJzdD96dKlfKCpENOJi:veOq2eUV8kJ61X+iJ5D96dGKCZJ

Score

10^/10

rat jn85 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jn85

Decoy

106c6423c3.com

vittoriospumpherston.co.uk

furniture-best.com

employersfindme.online

colegioagustinruiz.com

fuziservice.com

differentlokal.com

azzfasst.com

kerncereus.online

johnschottllc.com

disembark-burgeoned.click

cabliviwarranty.com

justzionism.com

diplomy-ua.top

cloudadonis.com

vaalepoxies.africa

ky2088.vip

gsportal.africa

alphastrength-us.com

homerams.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

3184-138-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB