formbook | 4856-139-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

4856-139-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

325fadc9a59255e7f2349a92e81168d1
SHA1

764114f8c6fa4e3e852c463e771b04cde3ada36c
SHA256

11ac1e759b4a872c6b3466ffaabac8f31540f0391a63a052501e7ce0c131661d
SHA512

67df17786a346b1ba4de0414494ee4bebcffe3c151f1299e9c40f488db1a5f215d0524417d5972b4c4d01d3f537bb287004dd9d6314005bf8b84a1feaea03a18
SSDEEP

3072:A6/9mXEdkBwBxW3OQ/FoaWp7a8YhHLnyou/FwE+WBGddTdAgjuo7:Au9AO2F9YaVhHeb1rITFP

Score

10^/10

rat lt12 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lt12

Decoy

bigcutsmiramar.com

hexiqunanke.com

aniediette.africa

calaaccessories.com

lovelyirene.online

87965yy.com

ag-1equipment.com

5lov3.com

historiasmujeres.tours

layinnahbirth.com

shadesoftimeexeter.co.uk

dollo.uk

lacasitamx.com

finehouse.click

firstchoicesource.com

curleyoakpickups.co.uk

goldsell.xyz

lovetheshake.com

efefcollect.buzz

girlsprincesstoys.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

4856-139-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB