formbook | 284-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

284-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

8c679bccca17a3a9244b8c3ef1a49890
SHA1

7d902d378ae6c5596525802d60cd75fb04c8d815
SHA256

2e7e52373ab50ad899e05b5fc4564c22d1990d154b235d6c2db5f285acf472ee
SHA512

13ed4455ea984b949adb065dff4ca4e1290d77df5fd595e88620a8e203c35a6b2fa5c693d38bc3966da688051ec66c45877f5539dcce8179f24105f89f4089ee
SSDEEP

3072:/0rOkQDI/W0mY3n07s1DUaYXk9BJb1UymLKZcNNJq0Lpq+KymRAykMdw8:vTWnu2UaYXknn+KeNj1LtKVUMu

Score

10^/10

rat b07o formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b07o

Decoy

rpalmerdecorating.co.uk

magellanalytics.net

28yorkave.com

woodburnershop.co.uk

jcw-media.com

helinica.com

yuaneju.com

akypan.top

cavidahome.com

annaswiatkowski.com

123findcapital.com

danielle.nyc

dhcons.click

ocnarf.co.uk

1wowoc.top

corbett.one

extersolutions.com

fcukart.com

fadaona.online

guangness.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

284-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB