formbook | 560-72-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

560-72-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

e8cccd9d1cd6348afb863b14390378f7
SHA1

83487027d33ac1e2b962917cc4c2a8492c7fd4f8
SHA256

4063b3b6ebf81f5dd32eabd9a8a187c3adb9b9e07f2e1d9bd7c820c933cb12af
SHA512

5cdc9284238ff94f030a4da0af16c43e228d193a27b92e0862917fc64fd4ff0e59c7ac7599b0b9eb558d6036714629ee7f3f882e0f9d0d73e52bbabd7338d07f
SSDEEP

3072:+mdnOdkjVW6NKdh3w9o5vraxKSHab6KFsz/KbcYSm/1zD:jidwG5jaxKSHU6KFsz/KbcYt3

Score

10^/10

rat il23 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

il23

Decoy

woodlandwoodworking.net

kitchen-deals-69155.com

hiddendia.xyz

xelaxaste.uk

sproutstrive.com

avlulu124.xyz

g-starnetwork.com

a-avdeeva.com

filmart.top

bustime411.com

besyor.xyz

joulex.live

christmastempjobsfinder.life

cxrh-official.com

themuzzy.co.uk

joshisarena.africa

dental4family.com

dietsandsixpacks.co.uk

innovativedigest.com

flyingphoenix.club

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

560-72-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB