General
-
Target
LOI.exe
-
Size
730KB
-
Sample
210120-z2fqle586n
-
MD5
17069e546f158a94eebb67883783f236
-
SHA1
78bf28fc9cfc94fa4b0232d25b3eeebcc1d823e2
-
SHA256
55e40397f7933e9ae3826ebb13481d4f91f31dd7c8e4de461f5f90679c05ffc6
-
SHA512
5ae9a6ff39d634c28750a6dea20956dadb29aac92621ac16fb7800fded33de1202ea0e82bd187da0eff2cbbdba7039f821a196e7c0b367aeeb5e18b3ba9f788d
Malware Config
Extracted
formbook
http://www.myoasisforhealing.com/zu8g/
teamhumanity2020.com
nestennhome.com
suamaylanhmiennam.com
antigermpros.com
lisatfashions.com
5509bet04.com
vpncreate.com
rangers3.xyz
kotaskeyschains.com
manatapmasalalu.com
mordo.asia
ranelpadon.com
tisnmao.com
eatsourdough.com
spreadthelovestophate.com
superiorvillage.com
ecualeaf.com
tribelogy.net
kaway.online
xp055.com
Targets
-
-
Target
LOI.exe
-
Size
730KB
-
MD5
17069e546f158a94eebb67883783f236
-
SHA1
78bf28fc9cfc94fa4b0232d25b3eeebcc1d823e2
-
SHA256
55e40397f7933e9ae3826ebb13481d4f91f31dd7c8e4de461f5f90679c05ffc6
-
SHA512
5ae9a6ff39d634c28750a6dea20956dadb29aac92621ac16fb7800fded33de1202ea0e82bd187da0eff2cbbdba7039f821a196e7c0b367aeeb5e18b3ba9f788d
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-