formbook | 3068-139-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3068-139-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

b6d77123eb84e8b4e80eb507eee82d40
SHA1

1d68180bf9c9ddf5bb7e7c8c8b41df88d4ef803a
SHA256

581302fc17e3e7a0a9db771dadc432241202eced73835dfdd27e14e584236e27
SHA512

4476161d0dd4c9b601ec17fc3c323eba37c5c98dc13b326c52c7140215278a6bfb3ecb188fba6055b22105b906af0356ccad6b1eff8b0fc40cabc80e590b1ed1
SSDEEP

3072:689CkPR+se9UMR3uyNkDtbjKOkPo+gRWu7rqTwkWTq2et8kS6yG:fE3NuKkDNKOkPoPWu7uTc5eu2y

Score

10^/10

rat b21g formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b21g

Decoy

educationandcollege.com

localizzaportale-bper.com

germanyvs-japan.com

getsetupmail.com

fashionclick.boutique

acuitycensor.online

colegiojuanpablo.com

1-tages-nothelfer.ch

antileebyungchull.rsvp

hxtx.xyz

e2web1-can-081900.com

balancedlifehormones.com

cmach.sexy

metrobots.africa

caraangel.com

caspianoakland.com

ecpim.app

binar-zia.online

cedy.top

oddjobart.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

3068-139-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB