General
-
Target
PO.zip
-
Size
247KB
-
Sample
211011-3bhx2aaeb2
-
MD5
d79203a9e982a740a2f4f7dfd6633464
-
SHA1
d594260fc4e300fdf90a7c84782f5a1276c453b2
-
SHA256
d9ee3d4f7d340ba53d7d252addd31c0666c926663be58fa8e04ee40a4b7a7fdb
-
SHA512
4dfd8225790c1f3b90eb6c722a1a629daf89853ff573c5d983a760943207ae6cc124ef5f12988343dcba81ced1c1ca2ed7a5cf3643835fae857a89e5dc3d9a88
Malware Config
Extracted
formbook
4.1
w6ya
http://www.truth-capturemachine.com/w6ya/
auden-audio.com
zombieodyssey.com
hdpthg.com
toddtechnical.com
njsdgz.com
yieldfarm.world
guardsveirfynews.net
atmamandir.info
eskisehirtostcusu.online
arrozz.net
v99king.win
jaxonboxing.com
morganevans.net
syandeg.com
valleyofplants.com
corsosportorico.com
tak.support
blacktgpc.com
herdpetshop.com
iifkvhns.xyz
Targets
-
-
Target
PO.exe
-
Size
260KB
-
MD5
dcc82f6d02352ba09401b5e5903fc2c9
-
SHA1
1fc8ead283ee92f4f1c7b3638d6cb91a9a2a6a8e
-
SHA256
c96178775d7f8dd8b06a4e59aad0367f36abc11680081acfcc2b446fb0ee28b1
-
SHA512
714003eb53f9a2d3198dbcad9d666e2d5380415f3d5c4ba5f8129cfe585fd21453f6720995ca536151fdd7787dbef3bb5bc8131865b9b8905da3311bf9bae541
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-