General
-
Target
Scan 1217 2020 pdf.exe
-
Size
1.0MB
-
Sample
201217-haca5pmnga
-
MD5
dfc47b08fd039e6a182bbcbbe80e416f
-
SHA1
d127d120edc04208d2ff9f2e74be068826e6cadd
-
SHA256
8636e1019ae81fce7647c4f1804bea7924d8dadeac118926e4836f19226fbe32
-
SHA512
f46993b84258f60106514979a461e8260513510617b240a29110cbe5a066f9886e760806aca56d738223647cea8b9f0cd3deaa82132ea03f7bb31b6e399fd141
Malware Config
Extracted
formbook
http://www.lupipins.com/cxs/
hempfor.pro
jadavjilalji.com
parekhbrothersjewellers.com
soapsandcandle.com
slingshotde.com
alidesiro.com
78500975.xyz
mindfx.club
miyashita-geka-2.com
thescentofstyle.com
collegiatecoronavirus.com
techewa.com
liteletherapy.com
mbenguist.com
divorcetemeculalawyer.com
halostreams.net
brutus1.com
thenewdadbody.com
coppermines.net
henryciencias.com
Targets
-
-
Target
Scan 1217 2020 pdf.exe
-
Size
1.0MB
-
MD5
dfc47b08fd039e6a182bbcbbe80e416f
-
SHA1
d127d120edc04208d2ff9f2e74be068826e6cadd
-
SHA256
8636e1019ae81fce7647c4f1804bea7924d8dadeac118926e4836f19226fbe32
-
SHA512
f46993b84258f60106514979a461e8260513510617b240a29110cbe5a066f9886e760806aca56d738223647cea8b9f0cd3deaa82132ea03f7bb31b6e399fd141
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook Payload
-
ModiLoader First Stage
-
Deletes itself
-
Suspicious use of SetThreadContext
-