formbook | 1480-69-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

1480-69-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

d87c86f50f8c10879a626d597a370f77
SHA1

aec4b959211b24521e5a28820929995cd2914415
SHA256

ef504391a4197becba25600f76a6f686a1b955574fc4f6895794bc7c60d63080
SHA512

02ac5bd893a7a441c6ee1e51a7f2a82120e83b0ec9716cd5201a43cc31046da368ade083ef56b32c850c628c74be5d2921a8a2f5f6c74ca4a7a6464f90066959
SSDEEP

3072:EbBFkc17pO/Jq3oBkFaubB+Y1VBtNa376DKX3pPTqjAue9uBN:k1wsoOgubB+Y1f/aGSPTnunb

Score

10^/10

rat ks01 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ks01

Decoy

glchqx.com

acpwatertreatment.co.uk

hannahschepmann.com

cvcv49.top

crazy-for-promotion.online

goldstreamacademy.africa

erasure.monster

judiangka.boats

fli.group

94ebuy.com

enjoyvet.com

box618.shop

formdr.dev

rivierabathrooms.co.uk

drawntocolour.com

digitalworldobserver.com

lonelinessindex.com

coachifyfunnels.com

abeloewen.com

bahujan.store

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1480-69-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB