General
-
Target
Factura de proforma.Pdf.zip
-
Size
368KB
-
Sample
211026-zcc7dsaahp
-
MD5
fadbdb1f04c3f950dfa01fe0d8243f81
-
SHA1
bffe1d28d2790ece0dfb43bcfeefe354f758179d
-
SHA256
b4f96434e2b2659a4c17a81ecf497f2d9bfbb8cb75fdb623d57f2e7377a46f99
-
SHA512
b3239789a01164d70961aec58598dcf8d90e4b9d04a8dda7be143f64778e3acfd68bdfa830a7861fbaf1c1d9e45407c316d338951d8de25829ed2a2576349741
Malware Config
Extracted
formbook
4.1
dv9n
http://www.elianedefalco.com/dv9n/
nblvqing.com
delmegebuildingproducts.com
xiongba8.com
latuawebreputation.online
nowcloud.tech
cckghs.com
tradeoo.ltd
ppapo.com
tphoaphuongdo.club
whitefoxy.site
bottle-sentences.net
computersewa.com
lushberryholidays.com
motobotz.com
shadurj.com
amazonlexdeveloper.com
shunli178.xyz
sjzzlmh.com
6eu09rp.xyz
novinmes.com
Targets
-
-
Target
Factura de proforma.Pdf.exe
-
Size
416KB
-
MD5
1023715ab1412b3ab39be25ad6054e9c
-
SHA1
b93d9283fffc26259a3675195ed878b3089ca8b7
-
SHA256
b4585da149dee9da71100f73ac5088f6dcd2f0bad3a155a78615ab321fce3f71
-
SHA512
63a837b607dd274a3285380d2bdad3b0b059ffbb39b7e7f14a9d76eb3dc4fca861cf0bcfd6be4420f3a13d83f3388afbc41859a08c3b87778bdebdd399eca376
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Suspicious use of SetThreadContext
-