formbook | 1172-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1172-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

2b0e0210272ec0b96024b759145c7349
SHA1

4285ee14662acf4e0da0df1e1ad9e27aa95b36d4
SHA256

8f899e4ea40770376527d7cc19f2a494b111bad43f97ff84f2f5818f8154f402
SHA512

baae5551e0e80034438ec376abc2adf173755af4e96e1f1eee4b3a46a4f7806406702fb955cdb45980149dc92b08be8f875b24213c2fad884b3877d5671084d1
SSDEEP

3072:iaJ/bZkDBrhGNVkl3v5sqq1Kv4bePM5EpcD7S31/NaqwnMI:qrdJvyqwKv4beU5ZDWtk

Score

10^/10

rat sk29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk29

Decoy

adobeholidaylego.com

labassecourdecaro.com

whhlbz.net

aikxian.net

myimmigration.net

etribe.info

fercosgru.com

everbrighthouse.com

finepizzavegesack.info

mesuretonradon.com

escopic.art

mapzle.com

panachesports.net

alabamasbesthvac.com

esghf.com

usrisik.com

activseal.com

eventplanningpros.africa

adufyuwefjdfuiwefl.site

kornilt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1172-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB