formbook | 1864-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1864-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

d535bdeb833eafd52ed4fd9cbc6c8358
SHA1

fce2648b8de215e803f5912a7cf2dae4343bf7de
SHA256

975fd9df2ab2f6d561aac1e67a89e44e08c3a4010e5416ae260001ceb718dee0
SHA512

a370d90f673501de435effd00bad42c98e6e7744cebe557c6273efe9d0ef237728816aff06e7e4b122540657e44cade3155618bca8acd8bf64faf1c2d0783731
SSDEEP

3072:Q1UckNCW9H0Zx3CkyIOpeRub6PsHPuezcTR75FTTPTDxnEMfOa/:HwtCnIOpFb6PGPuezcTR7TT3xnEMr

Score

10^/10

rat ke03 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1864-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB