General
-
Target
PO.gz
-
Size
219KB
-
Sample
210420-hy5jqp6wrj
-
MD5
0ff3d1aaeab144eaa2aac15b2a0d609b
-
SHA1
adfa8ef47b508216d941f2a7f4481f8e859a228b
-
SHA256
45808e8aaed0b109e66d745787d59d1965c10b718eef167d7a2bae2c8df4b5f6
-
SHA512
7b6430388acebfe8b495ff88716a4dd8ae3b72b9479df69c792aa0e6078a618620e7b3c8fdb6629bb38e3c3f5ef003c1f77c18378a4d9323645a76fc4b0e3070
Malware Config
Extracted
formbook
4.1
http://www.middlehambooks.com/klf/
podcastyourvote.com
northernlsx.com
guide4idiots.com
artebythesea.com
sapanyc.com
livinoutthedreamsco.com
thepowersinyou.com
protocolmodern.com
holdergear.com
betteringthehumanexperience.xyz
agnostec.com
royermaldonado.com
wealthtruckingco.com
artcode-software.com
microsoftpods.com
identityofplace.com
algoritas.com
grandpaurbanfarm.net
zahidibr.com
flawlessdrinking.com
Targets
-
-
Target
PO.exe
-
Size
234KB
-
MD5
220dd8a37c0783d1e906525186ddc95c
-
SHA1
0153efd575f5ce0afeb5e8e7f40b6d0e0967e456
-
SHA256
7de63d57554daf81ef5bd3508fce96ae9d2eaae9bee30eb29d147095b3d9ea33
-
SHA512
5fab23a422fb69d302d4c60cc347007dee423af00657386a3a232ab7faadd70903d11ef7b3cfc957bad431b519bf205e328427f67af3a4303e25c9f009f2c224
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-