formbook | 608-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

608-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

0999b00cf3bddbd6abf71e1ad4c31acf
SHA1

173d9ac695e71bedf8239638d8f88df055dc2e16
SHA256

e8513e76476130ccff42db9b3c2c85f9536dbeaec2168c3306a12a73f23e3106
SHA512

8ad87333d8f3b558412654ebf1b9a98d7db71a86a64600f9f368993778702d300135a97f4b15e30e04dabe5504099b516a8436a106252a9c67ae2b0491c06b21
SSDEEP

3072:A6/9mXEdkBwBxW3OQ/FoaWp7a8YhHLnyeu/FwE+WBGddTdAgjuo7:Au9AO2F9YaVhHeV1rITFP

Score

10^/10

rat lt12 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lt12

Decoy

bigcutsmiramar.com

hexiqunanke.com

aniediette.africa

calaaccessories.com

lovelyirene.online

87965yy.com

ag-1equipment.com

5lov3.com

historiasmujeres.tours

layinnahbirth.com

shadesoftimeexeter.co.uk

dollo.uk

lacasitamx.com

finehouse.click

firstchoicesource.com

curleyoakpickups.co.uk

goldsell.xyz

lovetheshake.com

efefcollect.buzz

girlsprincesstoys.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

608-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB