formbook | 1768-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1768-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

638aee0cd80c28bfdff8d881f1a9f2b7
SHA1

fe5810030457ee72b3760348f54e7b1316146116
SHA256

fe52e33be06ca80a329a65caced34fe01daa58e3980ea156608a689e883e926b
SHA512

3e4e4391a529b1ac195788322292b439c365ca8b0825335fbc1a4b77507de088e97487048474d51c186e0b8a7f7354a5a898531659931f344f8cc2169d2c6a56
SSDEEP

3072:1gYsck42QU6Ob58c3cK7WY1YLsiL8Xi9XCSCpPtrJR+OCqJ9H7S:Ng8ScQPWLsiL8ytCLp52OL9H7

Score

10^/10

rat ny18 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ny18

Decoy

flagencys.com

getlikevip.com

ifydigitaldeveloper.africa

artificialturfminneapolis.com

eastereats.com

casinclab.com

az1.life

baishengyx.net

bellpacnw.com

donskye.africa

chatfreegames.com

dizimaglico.com

southgatewoodwork.co.uk

jorgelrocha.com

americaspatriotfactory.com

remco.boo

hvtourismalliance.com

estanciasantaedwirgem.com

agriturismolebaccane.com

bosecmedical.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1768-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB