formbook | 1472-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1472-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

9d7d2698be960a4cd9478123d81cb30b
SHA1

4b3c71b6d78f600619ad762e9eb0957c20ca5ea0
SHA256

74bb9f3063d271fc7876ebc14386e6f136333a394cb71217948950e7d324c54e
SHA512

051636d3ba765e7280a640249bb14dc92bb02d1719b7d7a03c365c6327167a326a5da10be4357ad30359b2cacaa97bbb77aba5ee6d35d60772b1bae6ac9a793e
SSDEEP

3072:hgTsIkmchQ6Cez3bIbOy/a9DVAqcOwp0iTGVoddQqGYGODaj:DYV6bmLa9DVAqYtTG6ddQqeODaj

Score

10^/10

rat me29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me29

Decoy

borne-selfie-valence.com

erccore.com

fontebono.com

58619.se

smartmetersystems.co.uk

defrag.team

az-architecture.com

healingthehoard.com

eqde.ru

kingsedubd.com

hoibeebu.net

findbesthomesolution.com

dinkdfw.com

alfa-outlet.com

claritybiometrics.video

lewshopok.cfd

crofton77.online

assetzstat.info

indianhillsequine.com

vetsclosetomylocation.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1472-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB