formbook | 644-60-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

644-60-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

3411a6d7d604f90aac4d9abd94e7a8f1
SHA1

86ffca82de5111b16e447c39c2bd59b35d5dfef2
SHA256

b7cffeefbfdd3e52988aebcd59d47b35f31cf670ac47886a59059164339b2533
SHA512

ad74864e6289e59eefdd0aa5ce92071b82744649ca46594d6decbaac1d4a9d13b2af18a2d0b6171f3eb7ad655b436c2a1040919fa917845258d3c19d320c63b0
SSDEEP

3072:tJjbkJy5B1uby3tAgigqyRA8Nw59A+VahknshfI4EDYP4X63H:lgktlNqyRA820AbnsVIBxX

Score

10^/10

rat ub76 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ub76

Decoy

id2567.ru

45594.uk

bestcallgirlindehradun.com

borobounce.com

lancoyorks.com

galoshesverdict.com

electric-cars-84428.com

babuildingservices.com

armal.net

99gaokk.com

exusianations.africa

leerhet.com

celebrantveronica.co.uk

aftericon.com

megafilmeshd50.app

winsf.net

gasuver.com

advisoramplifier.com

curtisdelgrosso.com

autocentrezac.site

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

644-60-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB