General
-
Target
(New order - List of New Order).exe
-
Size
798KB
-
Sample
210421-ja3vhcpn2s
-
MD5
f244f2044ce561f518b872638f0ccb22
-
SHA1
2af7c3ea13826a31fc41a10b240ff299de6401f2
-
SHA256
eca866db6ef1c1359d34584e896e1c712d70b35ecc2074bc7743e407af792077
-
SHA512
0ce8c5c41d4d6c3ab2275c990cccb50fd5b32ee2e027f80a33f081115ea286498995f9d7dc63c6b9f0af83c44da83c7fa4a726667b9db1add2f3a6c0b93d15dd
Malware Config
Extracted
formbook
4.1
http://www.joomlas123.info/3nop/
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
Targets
-
-
Target
(New order - List of New Order).exe
-
Size
798KB
-
MD5
f244f2044ce561f518b872638f0ccb22
-
SHA1
2af7c3ea13826a31fc41a10b240ff299de6401f2
-
SHA256
eca866db6ef1c1359d34584e896e1c712d70b35ecc2074bc7743e407af792077
-
SHA512
0ce8c5c41d4d6c3ab2275c990cccb50fd5b32ee2e027f80a33f081115ea286498995f9d7dc63c6b9f0af83c44da83c7fa4a726667b9db1add2f3a6c0b93d15dd
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-