formbook | 732-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

732-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

36e0569c0826627a1e8a455bb9d72c54
SHA1

b91ff8ab737381df7820dec8ba0f4bb2397ea346
SHA256

790f7d8e6a9709b3615586d0a1174fb17bb301b6f5a8f65a9989e47bf560d905
SHA512

8761449d362ac82a518a4f97b2fb59edb4c160adf8d14a6832a76d03972c22359ff5edc9d54c6aa9e4e982b4b48ff999df5b4cda6bb8457061ee100a0866013c
SSDEEP

3072:4Koprko7DPfmfrm3g1DMje32LjQ/hGRXKm19NunN8Y2oQ5TNM:GGQgxMjxLjQ/kt9Et2oCM

Score

10^/10

rat d16k formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d16k

Decoy

drinkag1pro.com

dermamedical.uk

northwheddonfarm.co.uk

ashleighj.com

kietaj.xyz

6tu04yd0.xyz

donutcosmetic.com

goldsell.xyz

betonxetek.ru

caplingerphotodrones.com

mp3cool3.net

diakonia.africa

addictsmovingmountainsinc.com

czghgdgs.com

highperwednesday.com

wagadvisor.co.uk

youhuidi.net

feastandfast.com

fp-events.net

1wkejm.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

732-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB