General
-
Target
Request for Quotation.rar
-
Size
578KB
-
Sample
210119-jhyflrzxkj
-
MD5
12a489331601b8fb523274b4f9220395
-
SHA1
f29b006dc7d7c65ad194bd3ad09d24a2409bba31
-
SHA256
51fb9b5d18024da76ab74d7f21eb0c8d0d278d01b4e6f96f3d0d4187bedd5a36
-
SHA512
23c3f9705965c5fe46c10dffb63f86772901f35834c72257afd8c8d6043751550642dbca29f532f10416e3dbb0cec698174b9da795e4f25e82bb56961c569138
Malware Config
Extracted
formbook
http://www.outtheframecustoms.com/9t6k/
parklineemployerperks.com
container-hq.com
harzproductions.com
wweebtedge.com
sandiegosalesandleasing.com
ri-web-dev.com
ufomars.com
countrybarndogkennel.com
imakestuff.xyz
lnmqjy.com
martialarttemple.com
jermaine-williams.com
ahomedokita.com
buttsliders.com
3344cq.com
umkxmhopi.icu
houstonlasertreatment.com
makingdoathome.com
ladysativamarketing.com
shroomgiant.com
Targets
-
-
Target
Request for Quotation.exe
-
Size
1.0MB
-
MD5
7f2ab7a73897ef184b2b2f88c441f7b2
-
SHA1
ba88609508657b04c665d15b9fec27565810aec9
-
SHA256
ae8f3d13092dbd9ac0a490c691eefafe0026e44148a9df896d6b5b8edceb5284
-
SHA512
6aa465396a70f43812e2b19da321ce02bd2a018108dd8fd29c1b9beac0d787979a15d8cebf5d62b38cc38eadada54a6b0c7a2aa0977ceedf9caef1229edd81d8
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Suspicious use of SetThreadContext
-