General
-
Target
Invoiceo.exe
-
Size
749KB
-
Sample
210503-fqhffa39gn
-
MD5
8f2489d7ce50e99109af9925818daf2b
-
SHA1
5481d53e59fda1e0d849b677e15b410ba6f64fbc
-
SHA256
0013853950647289e952326b93ce46aa3e73db654367ef3c005e29257db31fba
-
SHA512
e68ac0d33ddecb3712068f94b3a1459f57b26a9e74e970cb7f4ce2f1e64341d72294b2907049e738d115807ef9bd9e622483b64c2e2b26cc228df52a42195268
Malware Config
Extracted
formbook
4.1
http://www.swim-maki.com/csi/
crazyonlineboutique.com
nelivo.com
chibimama-blog.com
teachersofnyc.com
rare-snare.com
sunriseatlennox.com
innovate-nation.com
mahowebcam.com
foodbyroyalbites.com
nkm580.com
premiumplanterboxes.com
uspaypausa.com
wto2b.com
evoocb.com
missilenttech.com
adtlive.com
guapeco.com
keepfaithful.com
djayhoward.com
cora-designstj.com
Targets
-
-
Target
Invoiceo.exe
-
Size
749KB
-
MD5
8f2489d7ce50e99109af9925818daf2b
-
SHA1
5481d53e59fda1e0d849b677e15b410ba6f64fbc
-
SHA256
0013853950647289e952326b93ce46aa3e73db654367ef3c005e29257db31fba
-
SHA512
e68ac0d33ddecb3712068f94b3a1459f57b26a9e74e970cb7f4ce2f1e64341d72294b2907049e738d115807ef9bd9e622483b64c2e2b26cc228df52a42195268
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-