formbook | 692-92-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

692-92-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

e623ac5dc2c80ba940cafbe75fd2218f
SHA1

3aa8ff44ef6abaf0359f87de06c9531f6ab84251
SHA256

3a0d584b3bbee03da98a7508291a82ac522701145d2922b1d7b9d0a224b71f24
SHA512

7893c35f53162ab8a6e9900f5acf077af2e68705527ec12cca1324c17a41ade8daf664a1c2e725308d498c70cca436ec8f8afce6d1610c36d21fe41ea9454323
SSDEEP

3072:3wRElnEUjak6A32a9yBgj7B6HfMne5VwceMlA+1Tqxf5J9c:RPR6O2Syy7B6HfMTylAyTK9

Score

10^/10

rat mi94 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi94

Decoy

realdigitalmarketing.co.uk

athle91.com

zetuinteriors.africa

jewelry2adore.biz

sneakersuomo.com

hotcoa.com

bestpetfinds.com

elatedfreedom.com

louisegoulet.com

licensescape.com

jenniferfalconerrealtor.com

xqan.net

textare.net

doctorlinkscsk.link

bizformspro.com

ameriealthcaritasfl.com

hanfengmeiye.com

anjin98.com

credit-cards-54889.com

dinero.news

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

692-92-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB