formbook | 552-68-0x0000000000070000-0x000000000009F000-memory[.]dmp

General

Target

552-68-0x0000000000070000-0x000000000009F000-memory.dmp
Size

188KB
MD5

c4f02c09ab3ee00db33155cfc2c9b57a
SHA1

a65ab01b0c40286e319cb9ec8c3deb80839e5e63
SHA256

005781c53052c8572c42acec921bf392eb3b6b2b98bcf2619333822571b0f353
SHA512

e22e44e0b41c025b7818e4ed2c28d244276ac136e8c6968e4a58e7576ffef03f9281dfc88662f6754d6dafdd71c9c6b2207e31f9ce54707b7a9e7004654a442a
SSDEEP

3072:obvcDkq2PNXEVj3FVz4bKo0YMbRopuYMXLeZZMid15L1bAoztR:IULFZ0Ko0YG2YTbe7MiNTH

Score

10^/10

rat c02s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c02s

Decoy

51ysp.net

digitalmarketsecrets.com

bringbackroyal.com

mitepty.online

famousastrologyspecialist.com

789betket.pro

cailinlane.com

lab-grown-diamonds-44403.com

nascodirect.africa

healthpedia.life

780ty.com

brokerdefensewall.info

storagetopgun.net

almanea.xyz

debbieaffordablewears.com

digitalrightsmarch.com

shengxianmeishi.com

duoguang.top

belpages.com

hiegu7mj6.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

552-68-0x0000000000070000-0x000000000009F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB