formbook | 1608-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1608-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

7e7106ea60fa39c409b2ca3b6dbd2085
SHA1

94a91bd33fc57d0247dd6922eed55a60f7d34ffc
SHA256

1576d741471b9c9c7b0c164216e20e0d34ab84eaf74ff37a8f7c46a2a58505a0
SHA512

b0548a6546a517ac119695bf880ae9c5b8ebd3dba8cc451e9353a8737208ddc4744f5fc2f44b710e69c2bd5ddc8dfe691a89cbec2924ff7b597e67ff385c0799
SSDEEP

3072:hgTsIkmchQ6Cez3bIbOy/a9DVAqqOwp0iTGVoddQqGYGODaj:DYV6bmLa9DVAqutTG6ddQqeODaj

Score

10^/10

rat me29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me29

Decoy

borne-selfie-valence.com

erccore.com

fontebono.com

58619.se

smartmetersystems.co.uk

defrag.team

az-architecture.com

healingthehoard.com

eqde.ru

kingsedubd.com

hoibeebu.net

findbesthomesolution.com

dinkdfw.com

alfa-outlet.com

claritybiometrics.video

lewshopok.cfd

crofton77.online

assetzstat.info

indianhillsequine.com

vetsclosetomylocation.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1608-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB