formbook | 292-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

292-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

0b17512b41b8b29ea650eba89409cabd
SHA1

4af01c4aa414455722dbd5e46f6eaba2abb33249
SHA256

074618103d21f9dcc6ac16652f24b49457131a5fc47cefb1f87e06220b1b270a
SHA512

14c57369f1e62e2aaaa53da2e496d40ba68dc5970c4d83287d9b5e93ed517e496c3a6df9f363124f50bddbd765f68b01f36c3aa5688aa49433a1a8de30a396bc
SSDEEP

3072:7P4BEYglTkgw32rt7F6VZmtY7QOq9BZFaveIugmwlvh+F6kU3S7p:8s+2hx6VZmt39bZFvDgLvh+IM

Score

10^/10

rat eu69 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

eu69

Decoy

brightonbase.com

gamingcomputersunder1000.com

electriccarcharging.xyz

buysystems.co.uk

cansuk.online

smartykids-center.ru

gmmcustoms.com

klyrio.com

chemical-pomp-media.com

investorenprojekte.com

blogsaudeemdia.com

learning-m365.com

attache.gay

limpiezasturisticas.com

garagedoorprices.shop

amyzoellers.com

eguzkiagroup.com

phe.sk

efefhappen.buzz

raretables.co.uk

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

292-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB