General
-
Target
6615092f91f8fee71a89f03dbb942a1f.exe
-
Size
1.1MB
-
Sample
201221-16dtv4stqa
-
MD5
6615092f91f8fee71a89f03dbb942a1f
-
SHA1
54ef6469d617c42a6d12352058ef1c655fce2cbe
-
SHA256
2b35444e90697b2a66a93f39f3cda0c95c290817c83574e8620d5920cac31523
-
SHA512
39f123216b2847d3a5ce6ab7af0dc520d5a87458bfb5c6c39845349afdff4740d0ff561c51347cbf5f0e2871c0c66a7cd71e3db8cab294617b3dc17144526d79
Malware Config
Extracted
formbook
http://www.switchtoambitwithmirtha.com/jskg/
jajaten.com
pnorg.net
rccarquibogota.com
marcomarabiamea.com
theligue.com
mdearpet.com
barokahsrivillage.com
wisdomtoothguru.com
srteamsex.com
erotictoybox.com
278698.com
victimaccidents.com
bootyfashions.com
stomasto.site
canalysisconsulting.com
printandmail.legal
bestcureforbackpain.com
apanifitness.com
smartabletech.com
facialsteamerofficial.com
Targets
-
-
Target
6615092f91f8fee71a89f03dbb942a1f.exe
-
Size
1.1MB
-
MD5
6615092f91f8fee71a89f03dbb942a1f
-
SHA1
54ef6469d617c42a6d12352058ef1c655fce2cbe
-
SHA256
2b35444e90697b2a66a93f39f3cda0c95c290817c83574e8620d5920cac31523
-
SHA512
39f123216b2847d3a5ce6ab7af0dc520d5a87458bfb5c6c39845349afdff4740d0ff561c51347cbf5f0e2871c0c66a7cd71e3db8cab294617b3dc17144526d79
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
ModiLoader First Stage
-
Xloader Payload
-
Suspicious use of SetThreadContext
-