General
-
Target
Booking Declined.scr
-
Size
1.1MB
-
Sample
210505-jys3cd7cz2
-
MD5
72014c837d630e0eb8b79d0995166d47
-
SHA1
57ea4b26a34c0779ae9767cc957452883475cadc
-
SHA256
2deb22be02f4464416048e124a39c1a8df4f29ba90d783d27bfcefa29ddce161
-
SHA512
c74de6fc4b35c52b25062ca5d82f93e93f5978eebacac89fc6e473d6c52141b0737fccbd7810820a5c31ad08ad7288b86f6784b7e9ced821bab13d4a2c8b4c69
Malware Config
Extracted
formbook
4.1
http://www.evolvekitchendesign.com/ffw/
unmutedgenerations.com
localmoversuae.com
centralrea.com
geyyfphzoe.com
silverpackfactory.com
techtronixx.com
shop-deinen-deal.com
buehne.cloud
inspirefreedomtoday.com
chapelcouture.com
easton-taiwan.com
quanaonudep.store
merzigomusic.com
wpzoomin.com
service-lkytrsahdfpedf.com
yeasuc.com
mydogtrainingservice.com
galeribisnisonline.com
cscremodeling.com
bom-zzxx.com
Targets
-
-
Target
Booking Declined.scr
-
Size
1.1MB
-
MD5
72014c837d630e0eb8b79d0995166d47
-
SHA1
57ea4b26a34c0779ae9767cc957452883475cadc
-
SHA256
2deb22be02f4464416048e124a39c1a8df4f29ba90d783d27bfcefa29ddce161
-
SHA512
c74de6fc4b35c52b25062ca5d82f93e93f5978eebacac89fc6e473d6c52141b0737fccbd7810820a5c31ad08ad7288b86f6784b7e9ced821bab13d4a2c8b4c69
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-