formbook | 1148-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1148-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e89cc9c903e1e36fa57e6b63756a8902
SHA1

260d9d4081ca139c08923b2bbf2d4a4fa92ffc1c
SHA256

f3f4d6a87fe3d0404cb8cd95abaf58a93524032d7a6d7338fa2769e9acfb6486
SHA512

ce645b32ed0cd6473157a579bc5c0ad8fb9bd878bce02631775fec62b1896ea985b6474cba98bc187da672c8561633813c0a9d18d9acc86039c467ca96194bc1
SSDEEP

3072:X81ZkcOYX2iR3h7+gMJOTKjgtCXoEilKag3Tx+Cf9:aRNhig1TKjgtCYPST4CF

Score

10^/10

rat d03s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d03s

Decoy

laurasgreenleaves.co.uk

fantastik3d.com

jsstee.com

foodynation.co.uk

3623wnorthgate.com

titanmedical.africa

keithjacksonlifecoach.com

kardilah.shop

crisscrossfishsauce.com

lojatanamao.online

ceways.com

holybreadstudios.com

c66u.xyz

poococoin.net

exipureyour7best.online

easterislandfoundation.net

09448.voto

gzbzxyy.com

0uqx.xyz

agentfarah.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1148-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB