formbook | 1616-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1616-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

83adfd4f9154aca83bbfac82ad7dd716
SHA1

0319ce53b02708ae566a2700e2ef6bd86e567c61
SHA256

6d6605fefea0afdeeafc68988f40cbce5584c13df2f1a3d54374ee69c45f74a8
SHA512

a052c0284efe398561a2a896e9e6f4148074958a71d43545826fd6954d9ecb3e939a3c8d471c9d53e47cfab95424ab64426730ff1254ccfb40db78f15d611972
SSDEEP

3072:lkwGEQLfp/RDI3bQfy7IKQY3Au5NGMIcSlCy8Qfoop:Tw9JGbWdKQY3lN8cSl+Ioo

Score

10^/10

rat cr63 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cr63

Decoy

kontorsprylar.com

efefeatable.buzz

gbmorningnews.online

bbntherapy.com

achmadsyafii.com

hrunmall7489.com

blurens-de.com

fadalinovaes.net

sahalenergy.com

486947.com

thelabresults.africa

ldkjcu8.vip

5t8nds.live

kapokbay.com

vieop.online

cristiebussey.com

exsharebuddy.com

back9grillclgc.com

danielsnetworkingsecurity.com

dutcode-xyz.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1616-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB