formbook | 1176-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1176-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

a560d0a36cbf1b482e4db04425f069a6
SHA1

1f9988ea0ea2a8a9f712b9f8039034f4588b5bbf
SHA256

6c2531b74f057ffcee81784ea5c6ee71dfd87cd7d10177d8ca80221ce41c41b0
SHA512

19b489c28f7e134b72a36599384384c705105e5ef1ebd5dfa3075857b6da26a33ee904b70da018aeef8df5ec014cc470121d8c0efa78e28b514ff2b71fc8a217
SSDEEP

3072:OnRfEc2/h4p5316wuy6xQm86OKrQzYP2eELYCxPMG+5b/jlr:mvl17D6xQm8UG+b6PLIjl

Score

10^/10

rat vr84 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr84

Decoy

intouchenergy.co.uk

lalumalkaliram.com

hillgreenholidays.co.uk

fluentliteracy.com

buildingworkerpower.com

by23577.com

gate-ch375019.online

jayess-decor.com

larkslife.com

swsnacks.co.uk

bigturtletiny.com

egggge.xyz

olastore.africa

lightshowsnewengland.com

daily-lox.com

empireoba.com

91302events.com

lawrencecountyfirechiefs.com

abrahamslibrary.com

cleaner365.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1176-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB