formbook | 1784-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1784-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

d0cd412dfc7412f9fa62a49802c87a1b
SHA1

e367951b3eb9cd485b71d00d6f0e3187657b42ec
SHA256

1391368efa0fd5dcea0021654a6023d056018cc553187b02c18001d9002657cc
SHA512

e0fdc83e0d8b9ba6f721404cbcd2929b2523a77f6579be2818e787f7a69d747e4c1112c67de495b2f43f7d0a2d9d65b969ab786c9143da9bc28ca183b8d35d9c
SSDEEP

3072:iaJ/bZkDBrhGNVkl3v5sqq1Kv4bePMhEpcD7S31/NaqwnMI:qrdJvyqwKv4beUhZDWtk

Score

10^/10

rat sk29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk29

Decoy

adobeholidaylego.com

labassecourdecaro.com

whhlbz.net

aikxian.net

myimmigration.net

etribe.info

fercosgru.com

everbrighthouse.com

finepizzavegesack.info

mesuretonradon.com

escopic.art

mapzle.com

panachesports.net

alabamasbesthvac.com

esghf.com

usrisik.com

activseal.com

eventplanningpros.africa

adufyuwefjdfuiwefl.site

kornilt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1784-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB