General
-
Target
09021.gz
-
Size
523KB
-
Sample
210921-n2axsacaep
-
MD5
bacd65cdd5bac7dffd56f6c9d8f8236b
-
SHA1
44e1e92010cbc510764461ce58aedf518cf8562c
-
SHA256
daf2171fbf6da5a14b9ac720e3f6a1f75d8d7c1d3e3be02c308ae4faa854eb65
-
SHA512
6f0071c2c6a1fd70836b69d682c6c37efbb1bd9906f32a8c34ed89aa1c08648420f6f9b6c5b221503aec6306b55d1585b7e15f874564e9894e074997af6d1d9d
Malware Config
Extracted
formbook
4.1
o4ms
http://www.nocodehost.com/o4ms/
fishingboatpub.com
trebor72.com
qualitycleanaustralia.com
amphilykenyx.com
jayte90.net
alveegrace.com
le-fleursoleil.com
volumoffer.com
businessbookwriters.com
alpin-art.com
firsttastetogo.com
catofc.com
ref-290.com
sbo2008.com
fortlauderdaleelevators.com
shanghaiyalian.com
majestybags.com
afcerd.com
myceliated.com
ls0a.com
Targets
-
-
Target
09021.exe
-
Size
592KB
-
MD5
2536c125edc35ac5061b596308ff8dcd
-
SHA1
d0506e1bcdb5c8a3714ccb0fa6603173ade0baf7
-
SHA256
d9cc0ba64d20a3a60f1580c74ff1269f5b545a0abf23362cbc678b12057a6cf3
-
SHA512
f2e22c98a7a1986178413aa7661707973b6357fe3c2576f12e7b0a4817693f559a0aa6edae364b7c94875058d1e2dc91efeb4d2d05a826a060fa21cf14918521
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-