General
-
Target
SecuriteInfo.com.Gen.Variant.Androm.29.27447.31261
-
Size
252KB
-
Sample
210507-2qnbt25jxa
-
MD5
2e8b3260047d829ba61205befbaf93fd
-
SHA1
cc2a109e5faa29d3465c5262edbe2775e8da4bf7
-
SHA256
1171bee7f280dad2201f6be582f08bf56771c54e4e0912964d93d320f4b1f32a
-
SHA512
7b0d8d7bf7f08a2c6aa44bbee7da16322a0361df1f3254d31b5e5aa618aa57d9bf45ac296cab05746337f45b863e9f7efc57c3c6e25999e85bd1e4102e9a9964
Malware Config
Extracted
formbook
4.1
http://www.craftsman-vail.com/cca/
whenpigsflyhigh.com
artistiklounge.com
tinytrendstique.com
projektpartner-ag.com
charvelevh.com
easycompliances.net
zengheqiye.com
professionalmallorca.com
bonzerstudio.com
nelivo.com
yangxeric.com
aredntech.com
twincitieshousingmarket.com
allshadesunscreen.com
xiang-life.net
qmcp00011.com
lindsayeandmarkv.com
fbcsbvsbvsjbvjs.com
saveonthrivelife.com
newdpo.com
Targets
-
-
Target
SecuriteInfo.com.Gen.Variant.Androm.29.27447.31261
-
Size
252KB
-
MD5
2e8b3260047d829ba61205befbaf93fd
-
SHA1
cc2a109e5faa29d3465c5262edbe2775e8da4bf7
-
SHA256
1171bee7f280dad2201f6be582f08bf56771c54e4e0912964d93d320f4b1f32a
-
SHA512
7b0d8d7bf7f08a2c6aa44bbee7da16322a0361df1f3254d31b5e5aa618aa57d9bf45ac296cab05746337f45b863e9f7efc57c3c6e25999e85bd1e4102e9a9964
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-