General
-
Target
neue Ordnung.zip
-
Size
622KB
-
Sample
210810-whg2n2znce
-
MD5
b1525dd93c9bb319b3be9dab3fa9c31a
-
SHA1
a4b58df262e83902728d12d24283d8fbee3a8a56
-
SHA256
26039e0d7ac0856375503044d4c336bce61c82ccc9665fe6c3bddc80a4d4ddc0
-
SHA512
6168e6afbce10e9e1f3d1377f39fe0e0ea705cd2fafe613f6901ac3328e9542774b2f0829133931ce1548ce4be1e9ef1d39f93945185b644ff9cd820a001e0ea
Malware Config
Extracted
formbook
4.1
odse
http://www.guncelekspres.com/odse/
braedlifestyle.com
morganjohnsondesign.online
surup-v48.club
diypoolpaint.sydney
v-b7026-ghhh.space
vetyvar.com
lollydaisy.com
campsitesurvival.com
autocalibre.com
fusiontech3d.com
xn--udkog0cvez259c82sa.xyz
eccentricartist.com
jc-zg.com
wacwin.com
livehealthychoice.com
visijuara.com
phigsa.com
sabayawork.com
afcerd.com
joeyshousesessions.com
Targets
-
-
Target
neue Ordnung.exe
-
Size
739KB
-
MD5
b8a6bff0de26505a8671135a34c21ff9
-
SHA1
3da946ce135ebc855d27681a9baffb8204013ab7
-
SHA256
ca928ee1114c01bf51f11b5200d0da9a823cd35cc4e616ddd3f44ddd3f3fcb56
-
SHA512
9804648531b9bb9d9e4d3632b0f43dfd5fd5423a12571376900b7801a2b0f0e20be5bbef04ec76d59139f9a1df7dd162d784f63a4caea82746768d25578cbc13
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Suspicious use of SetThreadContext
-