General
-
Target
flWhrV1J6MAi1kS.exe
-
Size
345KB
-
Sample
201109-ppzpscl12n
-
MD5
61a281d6005afdcb7b9f25b16e71bff3
-
SHA1
a380e614531478c3adf122e78568308e8a46f5c5
-
SHA256
9148c87726f97b18e044b9059a608a3b809ae02a795d44c1609bff24232c45ac
-
SHA512
bc174c366bfefc2acabdaa9b7548a726db82ff408cc145d85d5d7b0400e129d6688aa07928e0dd0a0bdcb9e0598ce86f48c77f7fc2607bdbe440014463eb0f9f
Malware Config
Extracted
formbook
http://www.spatren.com/k0f/
uao2o.info
hehe2.net
beautyqueenstores.com
chataan.com
brazzers-shop.biz
evolutionareligion.com
laysusannausboko.com
idewweddings.com
superwebox.com
moviesfan.net
deal-mix.com
infrarotgrilltest.info
corelesseposrolls.com
mpbrandl-finetrade-gamma.com
statement-log-in.info
romita4harrison.com
cpateamconsultant.com
gxdiaoyu.com
motocenterlaba.com
mlrs1314.com
Targets
-
-
Target
flWhrV1J6MAi1kS.exe
-
Size
345KB
-
MD5
61a281d6005afdcb7b9f25b16e71bff3
-
SHA1
a380e614531478c3adf122e78568308e8a46f5c5
-
SHA256
9148c87726f97b18e044b9059a608a3b809ae02a795d44c1609bff24232c45ac
-
SHA512
bc174c366bfefc2acabdaa9b7548a726db82ff408cc145d85d5d7b0400e129d6688aa07928e0dd0a0bdcb9e0598ce86f48c77f7fc2607bdbe440014463eb0f9f
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
rezer0
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Adds policy Run key to start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-