General
-
Target
Bank swift.exe
-
Size
594KB
-
Sample
210420-2a8pc378q6
-
MD5
cb045e8eaa8c74a5b79da54d9cb038ea
-
SHA1
d291b57e8a814e02111b0146687dfb09263ab73c
-
SHA256
47031aee7dc67644c841246a50bacd54a31d56603c1305d9966fb56c3b3cb448
-
SHA512
b07ab3643ab4b77829cb89b2c45e0227b018d83050905b7c85bf939f7d99e6e324df3c6aac0700a9622f290ed03d57eb5c864d7778d4ef86537dea443ba49af5
Malware Config
Extracted
formbook
4.1
http://www.joomlas123.info/3nop/
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
Targets
-
-
Target
Bank swift.exe
-
Size
594KB
-
MD5
cb045e8eaa8c74a5b79da54d9cb038ea
-
SHA1
d291b57e8a814e02111b0146687dfb09263ab73c
-
SHA256
47031aee7dc67644c841246a50bacd54a31d56603c1305d9966fb56c3b3cb448
-
SHA512
b07ab3643ab4b77829cb89b2c45e0227b018d83050905b7c85bf939f7d99e6e324df3c6aac0700a9622f290ed03d57eb5c864d7778d4ef86537dea443ba49af5
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Adds policy Run key to start application
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-