formbook | 612-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

612-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

0d09d12dcfe881443ac07c155d3e2311
SHA1

f48e5c005abb23639e308bfa95a06a27b3a95f2b
SHA256

1a73057d7958e06d1e0ce2f91ccf0b6f4ab9ff071cf28bc7a6db28ad91754f17
SHA512

bbbfc7a1a845164e16bf8454ac63452084dd729bbba95eb260176ddfbf462a62bb1c6c0c53efe99e8d15e46620d5c8a034d6a02a81a2b353b234437864f2ed5f
SSDEEP

3072:OnRfEc2/h4p5316wuy6xQmL6OKrQzYP2eELYCxPMG+5b/jlr:mvl17D6xQmLUG+b6PLIjl

Score

10^/10

rat vr84 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr84

Decoy

intouchenergy.co.uk

lalumalkaliram.com

hillgreenholidays.co.uk

fluentliteracy.com

buildingworkerpower.com

by23577.com

gate-ch375019.online

jayess-decor.com

larkslife.com

swsnacks.co.uk

bigturtletiny.com

egggge.xyz

olastore.africa

lightshowsnewengland.com

daily-lox.com

empireoba.com

91302events.com

lawrencecountyfirechiefs.com

abrahamslibrary.com

cleaner365.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

612-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB