formbook | 856-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

856-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

618619eda404c54a40196a9e3d18639e
SHA1

d5309e3a052ac23aafc98690dfc19ca880bd3a71
SHA256

5988eb5586845258e8850d2a87ecb505beacac6cb6449850bd5731a5e1db853b
SHA512

1b5f456ffd5893472203fd29945c3e970947155b13ddb7727b60703fd78b598e5ae90b7e36a30c1b47b93fbeb65a237d4182f4e853f7a7d2fede440481e1ee7a
SSDEEP

3072:+YREHkB/v+t+8C3855ws6k7eo34gKXq7kqdqh7mJ3GPDK0:d/s08vP6Jo34gKTh7zD

Score

10^/10

rat rs11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rs11

Decoy

happyluxtz.com

kuloie.xyz

lehavre-sa.com

aruvyam.com

souryoga19.net

elgallo1071.com

growcentralspreadunlimited.com

ahzhaohu.com

nanispa.co.uk

ascendthailand.com

mesaseventos.net

endviolence.ooo

grewcomfort.com

expertservces.com

adventurepsychologist.com

delcerrorealty.com

eenadmalayalam.com

infotecestrategia.com

dentihex.info

fakero.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

856-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB