General
-
Target
98c87992_by_Libranalysis
-
Size
734KB
-
Sample
210510-mb4t9xhdaj
-
MD5
98c879923a9cd4da08959fd0318c3d35
-
SHA1
a3f7a4ee4da515858e2235d91c0206cef37446a9
-
SHA256
960cd364b10841b71b638aca1807d5667cf340e76102389d45d7df4c17401ed2
-
SHA512
5294f7018e8ede10f69fef71d15613f067f3d334d366de40949ca9764a82980031785b6c77f798d8f31e8b026a1531a0ea99cefc9812b51672d89e6ec44c612c
Malware Config
Extracted
formbook
4.1
http://www.joomlas123.info/3nop/
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
Targets
-
-
Target
98c87992_by_Libranalysis
-
Size
734KB
-
MD5
98c879923a9cd4da08959fd0318c3d35
-
SHA1
a3f7a4ee4da515858e2235d91c0206cef37446a9
-
SHA256
960cd364b10841b71b638aca1807d5667cf340e76102389d45d7df4c17401ed2
-
SHA512
5294f7018e8ede10f69fef71d15613f067f3d334d366de40949ca9764a82980031785b6c77f798d8f31e8b026a1531a0ea99cefc9812b51672d89e6ec44c612c
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-