formbook | 516-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

516-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

8fcb9d8edba69d0b9db9576ce6385de2
SHA1

3a761c012dfb45ca1541e71ed3eca2f66c8f9282
SHA256

7d013457892c8bc3e5c32ae4afb6ab56ba97bf79c56c085d571c0a204a5cb008
SHA512

4be0c54779aeee27e11b160d07e414fb917c0f9824801a499c5f411a4e44831a801f1a88863f496ad600590fb72d30d9cca4a8f63c78ec932305c2dbd634fc92
SSDEEP

3072:OnRfEc2/h4p5316wuy6xQmD6OKrQzYP2eELYCxPMG+5b/jlr:mvl17D6xQmDUG+b6PLIjl

Score

10^/10

rat vr84 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr84

Decoy

intouchenergy.co.uk

lalumalkaliram.com

hillgreenholidays.co.uk

fluentliteracy.com

buildingworkerpower.com

by23577.com

gate-ch375019.online

jayess-decor.com

larkslife.com

swsnacks.co.uk

bigturtletiny.com

egggge.xyz

olastore.africa

lightshowsnewengland.com

daily-lox.com

empireoba.com

91302events.com

lawrencecountyfirechiefs.com

abrahamslibrary.com

cleaner365.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

516-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB