General
-
Target
cf6b0ca56283bc07e8d8ae06c2e8c1f3.exe
-
Size
1.1MB
-
Sample
201218-a3ybyfdh1x
-
MD5
cf6b0ca56283bc07e8d8ae06c2e8c1f3
-
SHA1
c37b2bd42962c2b557e9912a10a5988336f308d5
-
SHA256
e7886a202e776ec7cea4d8bccb65c2aefad54a1e0221493168f44457dc2a94cd
-
SHA512
dc76650ad0679ce0905d73857805ef36d3dc72492c0ccdca265db03c71eea03bb8835c2d6278fa23dbfdc85946c3a8efda874693df6b30d795e00b153cf3555d
Malware Config
Extracted
formbook
http://www.switchtoambitwithmirtha.com/jskg/
jajaten.com
pnorg.net
rccarquibogota.com
marcomarabiamea.com
theligue.com
mdearpet.com
barokahsrivillage.com
wisdomtoothguru.com
srteamsex.com
erotictoybox.com
278698.com
victimaccidents.com
bootyfashions.com
stomasto.site
canalysisconsulting.com
printandmail.legal
bestcureforbackpain.com
apanifitness.com
smartabletech.com
facialsteamerofficial.com
Targets
-
-
Target
cf6b0ca56283bc07e8d8ae06c2e8c1f3.exe
-
Size
1.1MB
-
MD5
cf6b0ca56283bc07e8d8ae06c2e8c1f3
-
SHA1
c37b2bd42962c2b557e9912a10a5988336f308d5
-
SHA256
e7886a202e776ec7cea4d8bccb65c2aefad54a1e0221493168f44457dc2a94cd
-
SHA512
dc76650ad0679ce0905d73857805ef36d3dc72492c0ccdca265db03c71eea03bb8835c2d6278fa23dbfdc85946c3a8efda874693df6b30d795e00b153cf3555d
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
ModiLoader First Stage
-
Xloader Payload
-
Suspicious use of SetThreadContext
-