formbook | 1696-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1696-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

3a90e6ed4cebd272f28f9ca7216fc383
SHA1

59c428b3db7d12c06e7e5b5893dea62898f5f925
SHA256

36a3ae92b83cb4dead21b74243767165ab74a8963da4b2c82a3b93781971aeb0
SHA512

c5a5147483e88201c0df0da823619ac8d2d80649a81439d876fd24378f085fc8de9555f89517b45a3dfa7da58bc817a55e69b8d539f620bb5d5a6bbfbc3696b8
SSDEEP

3072:HOBYEUOrW8l6z3DuCMPR8qzbxYuRDs2vk7c4ACTNSq:5OibDlU8qzbxY2Ds0fgS

Score

10^/10

rat w12e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w12e

Decoy

poshsalon.co.uk

ideeksha.net

eaglebreaks.com

exileine.me.uk

saveittoday.net

ceon.tech

estateagentswebsitedesign.uk

faropublicidade.com

depression-treatment-83678.com

informationdata16376.com

wirecreations.africa

coolsculpting-pros.life

ethoshabitats.com

amtindividual.com

gotoken.online

cherny-100-imec-msu.ru

historicaarcanum.com

gpsarhealthcare.com

kx1257.com

abdullahbinomar.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

1696-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB