formbook | 580-104-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

580-104-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

c522448fca6b662211d38014b23440ab
SHA1

f768616f7a6d7786adc5500799f818ef26db6d1a
SHA256

d998ebae2fcaabed50b2520bb39c6c4a428b7c55e5f33d56c7465363fd8c63f3
SHA512

565567f22ad354df634a7635b37cb4c5d7afa83324fe8e4994337be1e3a19a1b9f3496d1cad42404c36e40cd053138bf28802423f1d93c2e4965cb2e1aadebfd
SSDEEP

3072:mEzEHpoVbFR3BDnuxAKrzkoXsJL+LI9HtYjAbP:44NB7urzkocSWP

Score

10^/10

rat bd16 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bd16

Decoy

fjosephsolicitor.co.uk

itworx.store

firstlinebeefits.com

cadimaglobalservices.com

inclevin.com

kashmirimasale.com

charalambidis.com

homeliday.co.uk

joseguardiola.dev

wowmomofranchise.info

halongbaycruisestours.com

000217.com

dslt.xyz

careyinmobiliaria.com

ucankofteci.net

brisace.com

fastestcleaningservice.com

cornbreadnchicken.com

sizeable.app

labradordiamond.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

580-104-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB