formbook | 292-82-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

292-82-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e55d24e020fe3a381fc8c905cba58514
SHA1

34ded0c761a39ca9c321b089da4f9f88ee7d32a4
SHA256

d3a6a156ee0afedee6fe6a11d09c5397fb749e6afb83473e7abadfb23a232fb7
SHA512

9caf5bd9ed2b806c8ee0b9bd50ddc335f86963ad43636a10562be3377a34b917f956cb477bdd3bfd0c73481f4a163ecc60d13b75e8ec544c5ab29ec0e9f99ed1
SSDEEP

3072:tC7EFo1oFns3phSpEoqYOqbHjzGDHb+ZtbIvCJXrqs255JtVM:LPipspHqYOqbHjiD7iRI6pqsq5m

Score

10^/10

rat s17b formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s17b

Decoy

adriannavasquez.com

ticketstolisbon.com

hygrostar.com

dcairandheat.com

gamerviet.com

cjdao.net

informationdata65319.com

ethdefi.live

0241d.com

bestwoodtoy.com

bookingmello.com

hjd3c5.com

1eisdhiookd.xyz

urbanfarmingdynamics.africa

graphicsxperts.com

ebndeoo.store

chenzhenstorea.club

brain-life-imaging.info

containsmilk.com

ebaepay.click

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

292-82-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB