formbook | 1896-82-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1896-82-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

aa4af079951c1b13ded219b2dca7c6e9
SHA1

e8a0398831d8630f6fc0e9b5f1bda94a6951ffb1
SHA256

377947e6da2ef133952cc7847037fc14fe18a3789b750e7e6726f5836b613a9e
SHA512

c6bbc362a7a8a6286fe008d76296f05b3793c587d1863a9fdc2696c71d6d6cb6f3f1604c727bf8fc5b83b87b28ac31e84e44866726d619755894b58df686ec4d
SSDEEP

3072:UsunOkKKbnZi0j37dOQVMmy6X2mcr5MXf/JUn4M7KB6UfJZ:KCKZL7gQhy6X2mUMXfxlBXJ

Score

10^/10

rat ss39 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ss39

Decoy

okcattorneys.africa

exhaustchord.com

storagehello.com

ibarapamarket.africa

aroma-full.com

brightwhitelightsucks.com

gowerwildlife.com

transpridenow.com

serviceappsinlineyapp.com

chocoshops.com

lovelsarose.com

suirvalleypoultry.co.uk

2stks1stne.com

bungling-convey.click

ipinmall8551.com

efefsuggestion.buzz

dameishop.com

essentialskillsuk.com

87965ww.com

2222westonroad.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1896-82-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB