formbook | 1296-74-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1296-74-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

583bf58a0ae3239cfb4718a6356d14f6
SHA1

b4feb78b6617481f23b23a71f724a6c714fd2f0d
SHA256

ac200b0a52e6bd114683952ee41d6d032c706eb9b2236a569a793585fed8e3b9
SHA512

8c4e21c80942b4287c654c31086221330dd39c617892d5ae7f4282073c80c301f01aca72eaaf7f8e39eeae581c5b37063622402d8fb2e09c01ba870c955641b4
SSDEEP

3072:iaJ/bZkDBrhGNVkl3v5sqq1Kv4bePM0EpcD7S31/NaqwnMI:qrdJvyqwKv4beU0ZDWtk

Score

10^/10

rat sk29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk29

Decoy

adobeholidaylego.com

labassecourdecaro.com

whhlbz.net

aikxian.net

myimmigration.net

etribe.info

fercosgru.com

everbrighthouse.com

finepizzavegesack.info

mesuretonradon.com

escopic.art

mapzle.com

panachesports.net

alabamasbesthvac.com

esghf.com

usrisik.com

activseal.com

eventplanningpros.africa

adufyuwefjdfuiwefl.site

kornilt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1296-74-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB