formbook | 576-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

576-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

19275d4d81f3058a9247da65208d9f9b
SHA1

b8be580f5dc60e5e99deb94cf5002b60e21efa7a
SHA256

aed42d79c1c44a9195c4ea9dcf8863fc7fd73901fac5f0fab46b0cd89950bf2c
SHA512

ab8a8c65f7b265bce86f8c12d92c09ba339596f3d6db4a3ad43da817722ef9945dabc96a6ffa8def679b9fb0c992dadb0d50d6635b1c5a437e46a4bdb1dc1498
SSDEEP

3072:PW7/ik3hcDEXf3332UZ7U00rqNvAHPo/tM12QfVkLaYKd6wVoL1:ePf3Gy7J0rGvAA/tM1tAv0fc1

Score

10^/10

rat k29d formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k29d

Decoy

isgcpi.com

immanuelwi.com

f9g89.com

chercheursdor.com

lellaaaa.website

evolucaopublicidade.com

jiu329.com

co2ffset.shop

designqueenn.com

domain.apartments

lleonards.com

leapstartdesign.com

smithskitchenandbedroom.co.uk

lauren-mathews.com

captainscove.co.uk

hnaspi.xyz

jcw-media.com

flrstan.com

dmvsalons.com

acessores.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

576-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB