formbook | 268-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

268-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

bfe651672e13409076bebf218dcff99e
SHA1

0efcf56036822b53472eab970a573fd19c5244a8
SHA256

d815aa5d74bacc37aa423c50938d7b084e34f8c73d5d04994c5fcfccf4df9d09
SHA512

e3afe08152c98271037c55db15b9ac1062e4ba77f84a3902b2efb89d148d59e7096c57e6f8258b5ab43468245247600197da718a7c67a1b66cb1a7574a525dd5
SSDEEP

3072:a7HQkaZFln3Fd33lV1UpStrmBNsHzzYJ3wec7YgHPHUAVJhcNA5X:3zdHlzUYtrmBNsHPYBV2YgvUAVMNAF

Score

10^/10

rat ne28 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ne28

Decoy

basic-careitem.net

healstockton.com

groupetalentapro.com

geseconevent.com

adornmentwithadrienne.com

lazylynx.se

forestwerx.com

labishu.com

hilykan.com

beyondyoursenses.co.uk

inno-imc.com

driverrehab.online

mantlepies.co.uk

sicepat.net

kiwitownkids.com

infiniumsource.com

motorsolutionswithmakro.co.uk

6pg.shop

zijlont.xyz

corpusskencar.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

268-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB