formbook | 1892-85-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

1892-85-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

6ca2a62e6a7fe5794ccce79eae7e43f4
SHA1

ab2e26d54587b71c0f775956053f69f5fe25cbd5
SHA256

a81d3c70b2b13b83fc8a43a735b54861b307d6bdfe2dbef90a16f6c263c423b5
SHA512

e04dbd271cb59bd4aa6302defe52196bb6f36770663f59db82f3902abd645bf39054a3403abfc523b150df8d1d803811834a3f51431a2de4306c5dad7a79ba2b
SSDEEP

3072:Guq3ME5iCv68AG3BkP93ImLqTGAUcZ3OPkxCsId3sAbpiKWCLk:U2wBS9BLqTGAUcZ3RCsy8Ab2b

Score

10^/10

rat be83 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

be83

Decoy

woodlandscancercare.org.uk

hosting-delightful.lol

bilpreco.com

diplomk-v-habarovske.com

dzgck.com

jsdappraisals.com

digitalnishant.com

bluevibesgift.com

wowchershoo.co.uk

eudoriaofficial.online

ourcampaign2024.net

barlogcode.com

calmingscents.biz

thewaterfallproject.africa

www-1911.com

cigapp.online

wooddroppers.africa

casmiya.com

haruminailbar.com

drivermindset.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

1892-85-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB