General
-
Target
ec1a41f1_by_Libranalysis
-
Size
856KB
-
Sample
210430-efabzm2z6e
-
MD5
ec1a41f165be998345704e6b350ed019
-
SHA1
3ce2a3d1331d6beca2550bbd22c88b9ab8a1c443
-
SHA256
dbf887040bc3e1fbb15bd06efb2fa9752e8fab18bd63cde0a94365def36f122c
-
SHA512
ce8e2b1d7d6473140855eeae396aeb1f017579a13835e5d9a46192e5b0499f7dd5a333c3ef7ee9605069c75c0fd79f523444c9cffaaa1e65747c7f55f3cbb290
Malware Config
Extracted
formbook
4.1
http://www.royalelectricvehicle.com/m8uk/
blackcountryteshirts.com
pioneergeoscience.com
calacciwedding.com
theelegantdoorbow.com
graciosera.com
kwikversity.com
izita.xyz
drivewiththebest.co.uk
kakback.xyz
sachascott.net
lifeenterprisesystems.com
interimgirl.com
myviralplatform.com
spainmatrimony.com
supergenx.com
leglehla.icu
otlhswdok.icu
1stfdsqnre.com
xxxcentral.net
movimentare.com
Targets
-
-
Target
lH9gneQxxLcSOHF.exe
-
Size
1.1MB
-
MD5
d336f736a9c84ce0b1e253c52f1643b3
-
SHA1
b9d79e4168b0e2bf89457ed7fc4b3fd83540d1c3
-
SHA256
8ed07c91dc9c7015a41b341c574e797402cecbaa097e0a12559fbb848420a11c
-
SHA512
42f7764c7c652bd8e9a91cefdd51a1a8dd45e535b10a98b9b144f8f7dc2143868c79b0da2b22348f6811fbcb0466b60037e04e6959b980fcc989bfe255da9016
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-