formbook | 2040-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2040-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

7def72d41346fd0ca04839c1b32d2e55
SHA1

291182ce5ac0f340ec09921cde253593933c02c2
SHA256

cc72d7d8232696e29ba2eecf01f62e8ef49c8f1dde581ffbaa84697afd157281
SHA512

172efaf698d676be4a7c6fdb7769c9222a78462e86f1880e9175843e38df53963ec0f25cb9be340fb88b9ea620a332567240c1b97d64977192b472f50b359e9e
SSDEEP

3072:g9wxkN3othUvM3WVMUhHENyb6J4csOFcy993yFm+MQoX73E3H:OfCWGCb6J4crO+ww+M7X7U

Score

10^/10

rat cy01 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy01

Decoy

beauty-clean.site

funsellers.shop

digichatbox.com

greenleafpestsvcs.com

getcashs.shop

jessbenitez.net

bridgeworksmotcentre.co.uk

chorusmobile.africa

kiralayolla.com

ft-vip.club

fromlearnerstoimpacters.com

baldwinaesthetics.com

legacyfinehomescb.com

adnaturaltours.com

hzdingyushangwu.com

brinkworthchurch.co.uk

statesurvival.net

beingabroad.store

gmkmc.com

toubra.africa

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

2040-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB