General
-
Target
Shipment Document BL,INV and packing list.jpg.ace
-
Size
217KB
-
Sample
210420-9v83epfrbe
-
MD5
9261a1125bffa06bb3ae16523c46bc4b
-
SHA1
f28b334edceb6d332263488d1ef33cca0e5ce2f6
-
SHA256
3869ecd2689762f1d62807c50b58e83ee2f5b8a58216ae6ecb67dc8e46ef6d71
-
SHA512
ca46d6c4fd2357b38351fba4cffe75813b52316e5919597f8300b2f05f0ec5f09ee5cf14cc076ecedf9319a10d05e55dfa701f8df7aed0ae6384ffdc561e954c
Malware Config
Extracted
formbook
4.1
http://www.localmarketingaiagency.com/pgr/
rhymewitnessnews.com
z1seven.com
quaidon.com
spruiodes.com
leanderpumpkinpatch.com
starfood-eg.com
americanrestorationreport.net
myonyxfoundation.com
adcvea.com
theassociationconsultant.com
snaparama.com
ukajp.com
guarfianlife.com
e-dourouss.com
beflybmx.com
ceoesalamanca.com
myoxx.com
maxwatertreatment.com
maskelicious.com
aditridental.com
Targets
-
-
Target
Shipment Document BL,INV and packing list.jpg.exe
-
Size
231KB
-
MD5
50456fb9b8f0806b76ffd072a5bb70f2
-
SHA1
ec8e584acd7b5153cf50d9c338b002666e7f85d8
-
SHA256
aca4e7d8bc5a58300b0945187c084f6c2c44418133ffb36adfb08e25d285de82
-
SHA512
42c006d277fb4526f56523fb8fb415f7f00e66fe165cbedac2af399a9cabd01c572b76a3706daac292dc5b64e0abcfe8d6f6a5744cba5295f1abc7d3eda00fe9
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-