formbook | 1940-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1940-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

969a0b485f401ada72630ea1b3ec00c9
SHA1

eecedf7b8b30e4d3dadecc151694c171f4b8e1b3
SHA256

841735cc67094b9c7af5243ddef217426e91e092ede0335a69ad1efc7c5bc260
SHA512

1d93d25365049aaec0ae37fa5ca6f210aa0f90adc57c9b7c0750672fddafbb9255d5ecd99e2be166996df61ce560084fb92d164248162109fe66db1e96903941
SSDEEP

3072:mueNWkFE3SqMayvyF03+gj+JL9afNaTKZpVcMM73AKlNDfMMf0:EM5yca+GYafgTK/cjlbMv

Score

10^/10

rat mn13 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mn13

Decoy

capecodwholesale.com

888888888888831.xyz

kasimov-gorodok.ru

jauquexgmail.com

charlottistraumtherme.com

efapst.top

tubero.africa

zoerestaurant.co.uk

digitalsmma.com

nebraskans.net

eve2020.com

0060000.com

4061manzanita.com

socialgalavenue.com

capeyorkdesign.com

ferdeutuhser.lol

bespokefragances.com

e-moods.com

iphiemarkethub.africa

tylerfostermanagement.uk

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1940-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB