General
-
Target
5305315123953664.zip
-
Size
356KB
-
Sample
210921-1cewnaafh8
-
MD5
d2fd7a96363d8225f69a10c78bf2f8ec
-
SHA1
6902dbe33999bd864987a856894aebb0240d98d6
-
SHA256
fc5a052f20f4e6bca0524a941378958a7453f6c1d175bd76ab15cfefc8a2b50f
-
SHA512
4b15542b25e6e9f1b1a179f74a09a22be849b02f2ba29a6a6431ad1c4c12eb7479608cb0ed32f2e39b9e45458dbe1732aa9c06f69e30fb5f7b9c94f8331223aa
Malware Config
Extracted
formbook
4.1
n7ak
http://www.kmresults.com/n7ak/
modischoolcbse.com
theneverwinter.com
rszkjx-vps-hosting.website
fnihil.com
1pbet.com
nnowzscorrez.com
uaotgvjl.icu
starmapsqatar.com
ekisilani.com
extradeepsheets.com
jam-nins.com
buranly.com
orixentertainment.com
rawtech.energy
myol.guru
utex.club
jiapie.com
wowig.store
wweidlyyl.com
systaskautomation.com
Targets
-
-
Target
3a4fe418c0fd2b0a6b8f077018090aa3d7bf961a51f149016cb1acd20ac0bc3c
-
Size
891KB
-
MD5
f7a4a8fb3357d589997d50c32ad054a0
-
SHA1
60eb51c2e7c1bc2ac858d72b8344565dcede6f10
-
SHA256
3a4fe418c0fd2b0a6b8f077018090aa3d7bf961a51f149016cb1acd20ac0bc3c
-
SHA512
e51d96aa4338eefd34ab5d915be30923845b4658e743e8359991f4c216c490966b14692a106796c466529800a7463e7a2937600b47bfb1073defe7e69ceff99b
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-