formbook | 1556-74-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1556-74-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

afe9a89f5d77129fbdccd6d4eea26b43
SHA1

0efb0f1dd3548e2f643157a184e3a7d7b46cdd45
SHA256

681bcb5f4a1fc6d9bb97865a756198156a7a5134cf08b78edabafa3c461c67fe
SHA512

52c3920656778051125137d50b55ddf2e898ecad6102ae1bffe59abd3079da3e90b3cfb7f60853485321a055782907f088374056fbbab405c5bae81174608d65
SSDEEP

3072:iaJ/bZkDBrhGNVkl3v5sqq1Kv4bePMGEpcD7S31/NaqwnMI:qrdJvyqwKv4beUGZDWtk

Score

10^/10

rat sk29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk29

Decoy

adobeholidaylego.com

labassecourdecaro.com

whhlbz.net

aikxian.net

myimmigration.net

etribe.info

fercosgru.com

everbrighthouse.com

finepizzavegesack.info

mesuretonradon.com

escopic.art

mapzle.com

panachesports.net

alabamasbesthvac.com

esghf.com

usrisik.com

activseal.com

eventplanningpros.africa

adufyuwefjdfuiwefl.site

kornilt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1556-74-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB