General
-
Target
5b.zip
-
Size
680KB
-
Sample
210505-h816gryeh6
-
MD5
92dd951a685151d1f6643d09d0862789
-
SHA1
b88132b7c92de28922b38f358c1cd97e3a099f8a
-
SHA256
20fadf5fe385b80b6178b2e553bdb5b1bf8f7cc57140ab36cbd7c34099993e98
-
SHA512
ff834c97200d3be8fd905ad49d7e4378aab4cd271e3ab4bc48d9ba8a5c889051a160718e037ee9259b8fb02e3bddac6933267b2562d20691a03a85525923ec0c
Malware Config
Extracted
formbook
4.1
http://www.glittergalsboutique.com/8buc/
affiliatetraining101.com
sun5new.com
localstuffunlimited.store
getmrn.com
nipandtucknurse.com
companycreater.com
painfullyperfect.com
3dmobilemammo.com
theredbeegroup.net
loochaan.com
alanoliveiramkt.com
lxwzsh.com
twobookramblers.com
cscardinalmalula.net
hanarzr.com
sabaicp.com
foodprocessmedia.com
tirongroup.com
dcentralizedcloud.com
xn--80abnkzb2a.xn--p1acf
Targets
-
-
Target
b57d3c5864e097f7de38ab9acce31c5d8f8c7619026c075592c2ca8e24078475.bin
-
Size
717KB
-
MD5
321c5fea0e0a4d9852c33ccb63ac6223
-
SHA1
f89fc9d8aa077928f712e2d32cee177d5210fb5b
-
SHA256
b57d3c5864e097f7de38ab9acce31c5d8f8c7619026c075592c2ca8e24078475
-
SHA512
c25bae3b77ed2e4c730a4e44878151c687b5802767f18e8ea2f252588e4cc8fa3ceb0f74891c0296afae8ed4442447a3822ebf98b40518e5d9d37135f3ae0370
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Suspicious use of SetThreadContext
-