formbook | 1140-75-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1140-75-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

df1e9d4d85930783d8183481e9405b29
SHA1

f4587b23cb4b233a8f918d308767c986a0f274a4
SHA256

cc665dbbb5440529649c83989c52e5095447872d3f388d1e5b22f472dd33a206
SHA512

78a8bce9a9dc83c8881cc735fcf33962f50f9e1a29d2c46aa536e8cdf6e85093341028ed439615d507d07626124fbdd317eb2f2ecdcf4731c98d1470daedb503
SSDEEP

3072:iaJ/bZkDBrhGNVkl3v5sqq1Kv4bePM1EpcD7S31/NaqwnMI:qrdJvyqwKv4beU1ZDWtk

Score

10^/10

rat sk29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk29

Decoy

adobeholidaylego.com

labassecourdecaro.com

whhlbz.net

aikxian.net

myimmigration.net

etribe.info

fercosgru.com

everbrighthouse.com

finepizzavegesack.info

mesuretonradon.com

escopic.art

mapzle.com

panachesports.net

alabamasbesthvac.com

esghf.com

usrisik.com

activseal.com

eventplanningpros.africa

adufyuwefjdfuiwefl.site

kornilt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1140-75-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB