formbook | 1248-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1248-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

2236845b958803d1b25da76577d8d0f9
SHA1

9bdc3663c2371cbbfc1fb1b8a9de74e10a4fdc0b
SHA256

26ddfaf51ec1fc752010aa82f558819ef06138dcee7fc14bcd31f2d5c970094b
SHA512

57c34d864ebf1a270886345e4c3e62189f6888ba881adc41fd7234d7cc4b847eb4527facc096152833e11cbe03437f21912e007a0041a8d0cdcbce2238a78dd1
SSDEEP

3072:m1jJ5kP6syeev39IqXkcSO6wHTY1xw1TMXerMnmXAsaa2:+Eyv9lkW6wHTNBMzOAsaa

Score

10^/10

rat de12 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de12

Decoy

jumpexit.com

chrissycodes.com

bookpdf.club

headbetter.online

joinonly.online

macrotek.co.uk

gavidi.com

alahate.com

investorfinancedefense.info

foundationalfoods4life.com

designbyvilliet.se

bestchasecreditcard.com

gospelvibe.africa

mindfulchild.uk

fiddler-foaled.click

fcb.design

valourvapejuice.africa

helokq.cfd

golfingtechnique.com

authorjennieryan.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1248-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB