formbook | 1356-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1356-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

5cc9332a43690d5636e40c6818b09e3f
SHA1

24a2f2e209963b38fca078f651d8dcc69182d85b
SHA256

6931661b35b1012acef2445ef69aa169c69805a0b778bb0b12c2efcb17bd901d
SHA512

de67f296cc8930724c3ca230f5a4ac7f5a28cb6ff2237487d1da0906240a1c2fb35004f252b1a00618910e19e2357ad3f1f5831b7da772fd66180d8bce02752a
SSDEEP

3072:k79DFFsqfnXwpqmwbxw5NALkBkjIHKTBKCa5zRmDO9bM1rmd/e8U4/z:k1fRddw5NykBkIqtKCa5zQQbM1rE/y4/

Score

10^/10

rat gune formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gune

Decoy

artentarn.net

allstarpurchaslng.com

lendhave.quest

3yza.com

qpyikn.shop

play-fortuna-win-15.top

jaspergirl.store

naranjacanelaymiel.online

hiddenvalley-farms.com

gas-grills-66023.com

fp-wp.com

livepix.ltda

liholagroup.com

erlinjobs.com

doctorhooper.net

sggwmdkk.shop

ujuyzw.shop

gameclubzeed.com

myhomewish.com

ontopageone.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1356-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB