formbook | 1248-82-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1248-82-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

3445aba3edcc532a5fa998b432879783
SHA1

891b30b9fd596dcc89647f5440dfd6d8821466b7
SHA256

766244ae4ec3a0f7a6f4037e18652fe74629bb65f358ddd7a61c5fc1964a4112
SHA512

a0f3390e48cb3441c2956aa22d1ce6236f8abf1a529e3f8bc41c622a58ae8e7cb5080169b1722b783a609cc126fbfb4581a479c05dc1b57275d1a35cdb758a19
SSDEEP

3072:thRS1QQBhZOKLX6IsLSR8Z6zCWGpR+/S3HgcwzZ+aZpAeC7vQ:hJKbHsLSR8ZiG5wfjZpw

Score

10^/10

rat p0qs formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p0qs

Decoy

fakturatelenorrefund.online

delta88.pro

zevarbids.com

wsagru.xyz

village-cars.com

yourclick.icu

appartementalouer.info

99videosaday.com

miaodajie.com

fotografiaueb.online

borrowmovies.com

biorheranostics.com

gqhthbau.com

paraleltasarim.com

gilnir-technology.com

gng-home.com

eliasisms.com

mathboard.online

wp-products.com

hoazebramusseltreatment.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1248-82-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB