General

Target: 0BX91W1MA.scr
Size: 770KB
Sample: 210503-kwtl917j6a
MD5: f39afbe1c85c716c173a20017b94319c
SHA1: 56398ed8fab138969bfa478e28d82f77e0ecd463
SHA256: 8f0337a6ceabb0f235950c20db817d766d4b9e5cf8831e60ef766c82f33f7dec
SHA512: bbdec959a7d3299d93a6ec77980b23625f52a002e0231cb095a71a870db2819aca0d60a9c1f0eec4b5f3656c92d252a61b6ae63fb914755dc8fe74b6eddd0de8
Static task: static1
Behavioral task: behavioral1
  Sample: 0BX91W1MA.scr
  Resource: win7v20210408
Malware Config

Extracted: formbook 4.1

http://www.evolvekitchendesign.com/ffw/
unmutedgenerations.com
localmoversuae.com
centralrea.com
geyyfphzoe.com
silverpackfactory.com
techtronixx.com
shop-deinen-deal.com
buehne.cloud
inspirefreedomtoday.com
chapelcouture.com
easton-taiwan.com
quanaonudep.store
merzigomusic.com
wpzoomin.com
service-lkytrsahdfpedf.com
yeasuc.com
mydogtrainingservice.com
galeribisnisonline.com
cscremodeling.com
bom-zzxx.com
ensobet88.com
vegancto.com
digivisiol.com
advancetools.net
gzqyjd.com
xtgnsl.com
ftfortmyers.com
g-siqueira.com
ufdzbhrxk.icu
tiekotiin.com
youschrutedit.com
takahatadenkikouji.com
goodfastco.com
jtelitetraining.com
planet-hype.com
gigwindow.com
levelxpr.com
besttechmobcomm.info
funneldesigngenie.com
mylisting.cloud
alltwoyou.com
mortgagesandprotection.online
monthlydigest.info
senlangdq.com
postphenomenon.com
slymwhite.com
masonpreschool.com
wahooshop.com
meridiangummies.com
samsungpartsdept.com
saludbellezaybienestar.net
vickifoxproductions.com
shawandwesson.info
nutrepele.com
gorillatanks.com
praktijkinfinity.online
lanteredam.com
refinedmanagement.com
tiwapay.com
fruitsinbeers.com
charliekay.net
realironart.com
sonsofmari.com
kedingtonni.com
Targets

Target: 0BX91W1MA.scr
Size: 770KB
MD5: f39afbe1c85c716c173a20017b94319c
SHA1: 56398ed8fab138969bfa478e28d82f77e0ecd463
SHA256: 8f0337a6ceabb0f235950c20db817d766d4b9e5cf8831e60ef766c82f33f7dec
SHA512: bbdec959a7d3299d93a6ec77980b23625f52a002e0231cb095a71a870db2819aca0d60a9c1f0eec4b5f3656c92d252a61b6ae63fb914755dc8fe74b6eddd0de8

- Formbook Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext