formbook | 820-70-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

820-70-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

4bb5df2f2a1ecdd3189a1e3718d4dea7
SHA1

7a7ab1c228fb5080ecc141f723190b29e6e1d900
SHA256

07044ec271b67c6046db63dfaa9c72ee8c46d833f2825436b4bafbe1aee13ea2
SHA512

2d47625dd18712ec7c02f1ce27287bb5728227717ba867074a608006142ea6d56b90bf26a204efc243be5f90243e6a6007da8aa8c101780fa15913a8f1a900c1
SSDEEP

3072:Fm4mEcAc6X6+ti3qitkz8Vr2/qUwYsWmYxS0zK7B0+wvw7uN913:IgtUq5zGr2/qUzTbx68vw7w

Score

10^/10

rat o17i formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o17i

Decoy

chocolatebarreview.com

fetch-a-trabajos-canada.info

expresspestcontrol.net

tractionx.co.uk

vitalassetsecurity.com

lahtawine.ru

firedamagereports.com

bentzenphotography.com

digitalworkforces.com

divnoe.online

efefbig.buzz

melhardy.co.uk

igorsolutions.com

developmentszhuiservice.com

fookspace.com

kredaroo.com

4zpm.xyz

kycecat.cfd

singingriverhomeimprovement.com

bils.store

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

820-70-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB