formbook | 832-140-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

832-140-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

2fbfc52140cf4146d7f9b0c84b271f18
SHA1

6d51b93455982908af8a5f53beade8d3fb965783
SHA256

ed7d8dbda44a77a826a3b0c1870aa7fd1069854e3b68a94fc2e4a06309ed60b3
SHA512

37cba020811ab0f36e548bdb4de458ced83c2d3b57aa6cb69e3ae5db60f066a57ae2fcd29a9c5e7fdf53312b097289c18dd5c81f41b7cf131cc8b622e18cac95
SSDEEP

3072:H1J3Fra85cG4c4ScidAZmQgV3bC6yBrvkw4ENyK7XzUoOE:TU8raidwtWbC6ydxZXooOE

Score

10^/10

rat tf6p formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tf6p

Decoy

poolcleanerskingsland.com

nieveslandscapee.com

wb263.com

smartlubetrading.com

linuowen.com

fna-seattle.com

jobgenie-ai.com

mycocktailmind.com

openai-invite.com

tnndjf5kyxz.com

mclane.attorney

somwear.xyz

spliffstudios.com

grupofaace.com

wuuwo.com

bigtimerushcharlotte.com

yourercchecks.com

arportablepottyrentals.biz

sbtsanantonio.com

explantationsbegleitung.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

832-140-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB