formbook | 1740-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1740-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

09bae3b5f5d82979c0540fd0a865b440
SHA1

91a7fa2be83a1ca1402ed155acc344111edbd002
SHA256

1dd96e6516167d8b1d3fe20bea446c62d2a60c35ec5b5737fdf8f8fbf2990f49
SHA512

8d0a576a7703e4b5f0476884ab228dede94d4d7dfc225953dc86271ca69e75c8a7b271d069e0d313d5f1ad0165670c1f0c80688961a5ab55cae99141c7dafb3a
SSDEEP

3072:V2VskS5+Ly6S3LkvZB1/jqgwIRnZfW+qqL6BEzqAyPKzWq5FVrHoM9:diELWZB1LqgwIRnZO+TMEzbKKFZ

Score

10^/10

rat n10i formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n10i

Decoy

goosehost.com

barrdsecurity.com

breaksetle.online

generaldatapolicy.online

eversafe-pc.com

caninepawse.com

caogc.com

clairesamazon.com

exeterseoexpert.co.uk

carolingiansociety.xyz

guihxmpg.store

ballotharvesters.com

lendike.ru

millionairessvault.co.uk

guoshan-0800777216.com

livestreamingbet.com

gvdxop.xyz

4455dh.net

fleshclothingstore.com

1688eet.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1740-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB