formbook | 1988-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1988-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

757ece38c1a8ee0c2fdcb314fe41d57e
SHA1

7d4a0748d3ea7999018bcb9eae7a27b0575cf8ce
SHA256

47bd8977332cada810a70ce534e80dcca059fcbace755901bade99333dfadd1b
SHA512

a8499adc6e54c94dfe88e6161a0056c5d7e4f703ae8a655fd9d6abcb984078058a7f073b033cff0e856f8cc9b7d907dc05a082ccb3036012402f3e740a216e9e
SSDEEP

3072:iaJ/bZkDBrhGNVkl3v5sqq1Kv4bePMcEpcD7S31/NaqwnMI:qrdJvyqwKv4beUcZDWtk

Score

10^/10

rat sk29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk29

Decoy

adobeholidaylego.com

labassecourdecaro.com

whhlbz.net

aikxian.net

myimmigration.net

etribe.info

fercosgru.com

everbrighthouse.com

finepizzavegesack.info

mesuretonradon.com

escopic.art

mapzle.com

panachesports.net

alabamasbesthvac.com

esghf.com

usrisik.com

activseal.com

eventplanningpros.africa

adufyuwefjdfuiwefl.site

kornilt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1988-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB