General
-
Target
SecuriteInfo.com.Gen.Variant.Androm.29.9877.8691
-
Size
252KB
-
Sample
210507-mejwp18y7x
-
MD5
e329a2ae51067a9ae8a508fb7dd34ca8
-
SHA1
e2371038a5cac558e52297cb808ead02c2150c36
-
SHA256
9de1892b227f07e8896b3dfa4d1f8b450bf2af962b1ec34f3075acc7a4187259
-
SHA512
e76add738078a81d9465e0e9f40638dc385b9909428d684d5048ae3c6549de040012d8a2310f05e10e94cef4528d3e08490a96774dbb848003ef31f70886febc
Malware Config
Extracted
formbook
4.1
http://www.111bjs.com/ccr/
abdullahlodhi.com
jevya.com
knoxvillerestaurant.com
mekarauroko7389.com
cricketspowder.net
johannchirinos.com
orangeorganical.com
libero-tt.com
lorenaegianluca.com
wintab.net
modernmillievintage.com
zgdqcyw.com
jeffabildgaardmd.com
nurulfikrimakassar.com
findyourchef.com
innovationsservicegroup.com
destek-taleplerimiz.com
whfqqco.icu
kosmetikmadeingermany.com
dieteticos.net
Targets
-
-
Target
SecuriteInfo.com.Gen.Variant.Androm.29.9877.8691
-
Size
252KB
-
MD5
e329a2ae51067a9ae8a508fb7dd34ca8
-
SHA1
e2371038a5cac558e52297cb808ead02c2150c36
-
SHA256
9de1892b227f07e8896b3dfa4d1f8b450bf2af962b1ec34f3075acc7a4187259
-
SHA512
e76add738078a81d9465e0e9f40638dc385b9909428d684d5048ae3c6549de040012d8a2310f05e10e94cef4528d3e08490a96774dbb848003ef31f70886febc
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-