formbook | 268-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

268-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

34a355586a4394cc43e0d646c519dc93
SHA1

9d56f9090d90ebc1392c9228aad07f374a6fda2e
SHA256

bb7f91b09a9c7e85a9b7cbf0689b1269c1fae7b65b3b82f343ca70ea3622637b
SHA512

5698bd7c3eda053ac79b520cfc36ff77ee8ef065984e39e41c0392eeabee582813a2fb24edd4dfdd66a09fe24848a568aa5cbb1741876b882722ed5f5c10c6ea
SSDEEP

3072:mPEUkhyXt4Dg3h4IM2GH4j7evbUluEcpIpZ7HYrqHbq5cPmmDU:DBuhFMDYj7ev4lu7pIYrqHis

Score

10^/10

rat sy22 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy

logichunter.com

kp34.vip

ellementscrystalco.com

investcentre.club

veloxcarriers.africa

luxureejewelries.africa

clubmaie.com

gomophyio.site

usapaperballots.com

endviolence.ooo

cambrianopps.net

melkas.africa

arcteryxphilippinesstore.com

ancientcrew.com

davisgeneral.store

vieop.online

homemaintenence.com

jobrides.com

cheaphealthyfood.com

creusetonline.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

268-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB