formbook | 1536-81-0x0000000000070000-0x000000000009F000-memory[.]dmp

General

Target

1536-81-0x0000000000070000-0x000000000009F000-memory.dmp
Size

188KB
MD5

289846f0371fe5883863da653adb4c5c
SHA1

24294475c9f3cee7a6162ba864f910c797452f43
SHA256

69a39e454f5ce787180507b30e8e1e77d4cc28f73c22ca7efec8911f5fa914b5
SHA512

8656486d249ea0016ca135b530e291af48ae0b7edf66bd5b8b0885a1258249175d8238142b8fc30ac47430033878bda8bf02886cc4ea16f21d5977bc8b63e8a6
SSDEEP

3072:w9jX+EQ2AW0lym3XxqkcrrIs1uJnbIsFDl59+UKEVf6rRNLZ:w22XQXYbrIs1QVl5gUKEVgh

Score

10^/10

rat bn26 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bn26

Decoy

juweipai.com

assurance-mon-espace-sante.com

robqq.com

ablindear.com

socialmonkeys.co.uk

learningworldtech.com

imprese-it.com

themoodcollectives.africa

lutonmethodists.org.uk

castawaycovebnb.com

caronthemove.com

carolinacastro.uk

dcfashionweekintl.com

branchbasicsa.com

drpatrickakinsanya.africa

inventourownfuture.com

applege.top

whatamitiredof.com

daphan.pics

gardenstatevinyl.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1536-81-0x0000000000070000-0x000000000009F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB