formbook | 1200-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1200-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

d5f5417e45543d59f9d05a4e2bcb06dd
SHA1

ec1caf5c3c792288cf5f2c5e717a3fc493d413c9
SHA256

17f50b9858a56e147911cbb3b89f7ecd0365beb3282dc323b9981f4655082032
SHA512

c5bfa7f2e65c9e3b0f1c6feff7c5dfa68ead72683d2f604c40cf96dc3628b2016295ca4bc5d3e20bdf00cb08b9f4e016e8d82b2551077799d2146b474846aa5a
SSDEEP

3072:bnykk/OBB/iJ6Mll153U3qSLm7OnxFd1XB+51DwuRbE5v:ZBAVl75kqSLm7Onx3/+5quq5v

Score

10^/10

rat rs11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rs11

Decoy

brigtsidefinancial.com

kotteri-mannish.com

black-iron-fences-bros.com

fnixo.com

gondes.net

cutleryknives-store.com

cabledahmercadillacvip.com

redstaing.com

cateri.africa

cgadminservices.com

wilwin.net

moteru40.net

floraandfate.com

aram-eyes.com

bcrazy55.com

courierpay.buzz

discovervielven.com

mymansshirt.com

junglesmp.online

classic-workshop.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1200-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB