formbook | 1864-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1864-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

1d39825ff8c95b3d8d7c5507c0627d09
SHA1

d5eb3ed4837ced68a4aaf321127b0f4bff34a52f
SHA256

0eff7a24fbf35689498d3209b1efc506ecdecf21e249e6858e19a0d7c5f79e06
SHA512

681e2af113dfde8b6109965b67e5729bbe5cab92201782b109a1ae2997d68d7385ce9a8611b8af49a73d519c633947bba8fad6a3be5bbc952691bf5de09c6137
SSDEEP

3072:s77wVERmq83MP4/377ro6FuaS5BIMeEQEb9vhAygP9fq6D6pqoIK:Pd/7vo6IaS5BvP4yW+M

Score

10^/10

rat sd03 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sd03

Decoy

bagmart.net

1wuxns.top

guohuifanli.com

facetaxi.xyz

fresnodailynews.online

2854x.com

fxprods.live

alley-oop.app

lolabanet.com

websleuths.africa

billydeluca.com

bbmmarketinginc.com

aldcrew.com

laolaijx.com

bflaherty.work

catawbabank.com

nesty.africa

infochat.top

burningsensationtreatment.site

translogistic.africa

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

1864-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB