formbook | 1256-76-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1256-76-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

dd868d2eb2ff0d155976bb083d375e66
SHA1

181d98f884e3a2659708d122e5fdeefb93a2370d
SHA256

711abbc5167ae2f1af4bfad29bb746eef034c83ce304b7b519bf66db3aa3754c
SHA512

4e78edd394810f69e436ba74b1c7726796137e611760cb6a0d41d82bb8f02dfa19be21c3a40d8e5035dfa4ed6213ae2b5429c797daadcb7640d228518eb4c979
SSDEEP

3072:/0rOkQDI/W0mY3n07s1DUaYXk9BJb1UyYLKZcNNJq0Lpq+KymRAykMdw8:vTWnu2UaYXknnYKeNj1LtKVUMu

Score

10^/10

rat b07o formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b07o

Decoy

rpalmerdecorating.co.uk

magellanalytics.net

28yorkave.com

woodburnershop.co.uk

jcw-media.com

helinica.com

yuaneju.com

akypan.top

cavidahome.com

annaswiatkowski.com

123findcapital.com

danielle.nyc

dhcons.click

ocnarf.co.uk

1wowoc.top

corbett.one

extersolutions.com

fcukart.com

fadaona.online

guangness.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1256-76-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB