formbook | 2808-135-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2808-135-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

ed5cf396cec3d3d791c9c85543364bc9
SHA1

11418dcbf35e9a60792cc61aee11567ba512fe8c
SHA256

148f1ce66680da6552b8f36b51e9e9fc8dd0d927c6188a405e1f388ef4db125b
SHA512

426ce5f50c870f8e7420de0173e8697ff079d54857a66e589c6a7b0e9354882b28df71061e1265993211e7d1274fdbde0bf3546253d9f0c70f1806930d29420e
SSDEEP

3072:1Eon2lkSfZu59sVlT1taTNiAKZAQYiouukhuWCM2Pc7s0EeGpXHMdn:rncAA1A51KqQKuVhu1unEU

Score

10^/10

rat m8nt formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m8nt

Decoy

australianews24.com

ashleyoldham.com

lqxy888.com

giftbasketsplaza.com

3369a.com

cursodeendometriosis.com

whatisayahuasca.net

sskibele.com

bairdtelevision.world

flashmountainflood.com

aprylmarie.online

ox7979.com

richardleniek.com

joinvoyager.club

nebysw.com

bulebush.net

metalroofing.store

landbbookkeeping.com

socialrejectssyndicate.com

opulantsolutions.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

2808-135-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 176KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 177KB - Virtual size: 176KB

.rsrc
Size: 1024B - Virtual size: 960B