formbook | 624-71-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

624-71-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

62f39fb08935c91ddc5f485e5d99f3b0
SHA1

8874b917df4b52fef797840a3efaf00467931c60
SHA256

5632f94237f340e66a8d048de93c4c443a0eacd0fd06b91c471e708cf4030d88
SHA512

dbfd4fb642f08016af06af89a3fea96d763f0c02e68ff6abff0bb2145bb99d1445c7d054314bc502f879b00ab707c9cc591d71a1278d36b6af1de9232359ed9f
SSDEEP

3072:k7zDwkP4+vmiRS3AEMXJRSrG/gtPH3G0fo9KrURw+27RCtHEXwz:M+kEABZ4rG/gt/3G0A984wb7QtHEgz

Score

10^/10

rat de08 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de08

Decoy

inspirajapan.com

labeldao.com

31jane.com

padraigsconstruction.com

greatgreenturf.com

braseltontabernacleofpraise.com

aladesignservices.com

ascenciorealestate.com

ropainfantilnenitos.com

kuvu48bgm0.top

htpland.com

just1ce.co.uk

capitalwatch.africa

hoby.app

kikachoodesign.com

iyerbrothers.com

importacioneskc.shop

hanhengedu.com

g3cybergroup.com

foundsmartwealth.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

624-71-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB