formbook | 1876-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1876-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

d8456ebf9a64bff9ba142e54bd166dd7
SHA1

5e0db6201a26097f285347e57de3e3c5e06754fc
SHA256

6329ac0ade3804a8d49cfd2c2457c93dbe61e7bfaf9743e3f019dab8ffec244a
SHA512

0f98cf40886c57bb5c1df6eb7bd2dcdb5029677052534bd20e46230bdcccd3eb9dbf16868fdd27ebe2695daefd340a180af589c29d885b43ea56f7c6dd73e515
SSDEEP

3072:JVPEXaTRRul3LlURrH6JTK3wZZ1/kyn4nNP4Zc277JG:idJLK16JTK3wxkPNPmj7w

Score

10^/10

rat bk08 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bk08

Decoy

chloie.net

fastingersecure.monster

foundersterrace.online

ytorly.xyz

kiralayolla.com

corporacionalpi.com

planfortheworld.com

disciplinecoaching.co.uk

rubi33.com

digitlabmedia.com

ky20033.com

h4q7.com

91ye260.xyz

coconceptevents.com

ukusizas.africa

utainnovative.africa

ted-clean.co.uk

haus-huelsche.com

ca-refund.website

football.salon

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1876-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB