General
-
Target
Rendi eshte bashkangjitur.exe
-
Size
611KB
-
Sample
210422-nhq87pbzre
-
MD5
d3167fb7d23587aa700519d4392a9991
-
SHA1
bbaa348775bbb75075c5caf22c5936ea6ac8d265
-
SHA256
8029efcb7391f5085588b26992a6ecf4a5b59f036f41ec21ce720bf98e75d512
-
SHA512
56556c1542301412a1276f8f672294d32e07949ae8c490c93343d8afc0211b1a9c8a3e3fd4813c505c0e8f895d06ed22b5970bee4c50969e91e21b4fec6b3c34
Malware Config
Extracted
formbook
4.1
http://www.joomlas123.info/3nop/
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
Targets
-
-
Target
Rendi eshte bashkangjitur.exe
-
Size
611KB
-
MD5
d3167fb7d23587aa700519d4392a9991
-
SHA1
bbaa348775bbb75075c5caf22c5936ea6ac8d265
-
SHA256
8029efcb7391f5085588b26992a6ecf4a5b59f036f41ec21ce720bf98e75d512
-
SHA512
56556c1542301412a1276f8f672294d32e07949ae8c490c93343d8afc0211b1a9c8a3e3fd4813c505c0e8f895d06ed22b5970bee4c50969e91e21b4fec6b3c34
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-