formbook | 1320-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1320-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

33746c97f3b851065ed2bc0674b811b0
SHA1

e1a16509f8f3c9144cff206416f7ceed03e9afa7
SHA256

137d719d125f60728d2011f73abe12db1580b75b90056620e63ff8a606d89ae8
SHA512

48af3339369b0389b647eb7572259b6221251520851148551f56f5f61a8940f4a9e43e53ff9a903cafcc4cc8f89fb4e747a1bdb8ce2330fdfa51a5cfb60f24af
SSDEEP

3072:hgTsIkmchQ6Cez3bIbOy/a9DVAq3Owp0iTGVoddQqGYGODaj:DYV6bmLa9DVAqhtTG6ddQqeODaj

Score

10^/10

rat me29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me29

Decoy

borne-selfie-valence.com

erccore.com

fontebono.com

58619.se

smartmetersystems.co.uk

defrag.team

az-architecture.com

healingthehoard.com

eqde.ru

kingsedubd.com

hoibeebu.net

findbesthomesolution.com

dinkdfw.com

alfa-outlet.com

claritybiometrics.video

lewshopok.cfd

crofton77.online

assetzstat.info

indianhillsequine.com

vetsclosetomylocation.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1320-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB