General
-
Target
RFQ_19-027-MP-010203 _ 19-028-MP-010203 _ 19-029-MP-04.exe
-
Size
1.5MB
-
Sample
210119-rvx79zcyc6
-
MD5
b2661762dc1e404771a05acaa650a8ad
-
SHA1
48a6b21d8df818d53da12fbf245dd0425719ca1d
-
SHA256
5fb176b2add40ae0aed7db10e9bf4755c86b63d66d4601370605b318d5bdb4b1
-
SHA512
eace4950d5a1f465411a4808265840acc9f95d095939b4c38b4854b7939593116e4c5e5de43c6bef982a7e41330f393effcea2249aa5aeea5c6125d3a022c01b
Malware Config
Extracted
formbook
http://www.insuranceforgrass.com/cdl/
camerawifichinhhang.info
fourruchos.com
linyomould.com
rockinghamseattle.com
yax95.com
gardenvaleps-athletics.com
fundaciojaumecasademont.cat
balpreetpankaj.com
flatlyforensics.com
nehyam.com
hundredpushup.com
iqellc.com
heemosco.com
wavegoodbyeto2020.com
idea2u.net
villamoonray.com
cloud9nutrition.com
propertybysyazliaty.com
chatbgsssjeni.com
babyessentialsonline.com
Targets
-
-
Target
RFQ_19-027-MP-010203 _ 19-028-MP-010203 _ 19-029-MP-04.exe
-
Size
1.5MB
-
MD5
b2661762dc1e404771a05acaa650a8ad
-
SHA1
48a6b21d8df818d53da12fbf245dd0425719ca1d
-
SHA256
5fb176b2add40ae0aed7db10e9bf4755c86b63d66d4601370605b318d5bdb4b1
-
SHA512
eace4950d5a1f465411a4808265840acc9f95d095939b4c38b4854b7939593116e4c5e5de43c6bef982a7e41330f393effcea2249aa5aeea5c6125d3a022c01b
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-