General
-
Target
invoice.lzh
-
Size
530KB
-
Sample
210723-w1sb7hv9te
-
MD5
d8135073743eead59a3ecde61bf051ca
-
SHA1
11a89d02e31a429b48295da8cd1c760a7ceae38d
-
SHA256
b506bb786b2b45d252f9886ad94e63cb60b60544dade0680b096f80c84cada7a
-
SHA512
15fe12c916712fab35377a7459da35624b5ed3d218c0bb7beab17a932a1883a333e0679122ce70130278d34dba9fc2d2033c8cec4024646bd73ab8702b28210b
Malware Config
Extracted
formbook
4.1
http://www.knighttechinca.com/dxe/
sardarfarm.com
959tremont.com
privat-livecam.net
ansel-homebakery.com
joysupermarket.com
peninsulamatchmakers.net
northsytyle.com
radioconexaoubermusic.com
relocatingrealtor.com
desyrnan.com
onlinehoortoestel.online
enpointe.online
rvvikings.com
paulpoirier.com
shitarpa.net
kerneis.net
rokitreach.com
essentiallygaia.com
prestiged.net
fuerzaagavera.com
Targets
-
-
Target
invoice.lzh
-
Size
530KB
-
MD5
d8135073743eead59a3ecde61bf051ca
-
SHA1
11a89d02e31a429b48295da8cd1c760a7ceae38d
-
SHA256
b506bb786b2b45d252f9886ad94e63cb60b60544dade0680b096f80c84cada7a
-
SHA512
15fe12c916712fab35377a7459da35624b5ed3d218c0bb7beab17a932a1883a333e0679122ce70130278d34dba9fc2d2033c8cec4024646bd73ab8702b28210b
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-