General
-
Target
Revised Proforma Invoice_New order 657453.rar
-
Size
435KB
-
Sample
211029-qm63saabbm
-
MD5
641c1386b6f0f3536ee21eb27037a490
-
SHA1
6473f89e0d23ad3c7fe7f23000fee5ad875d2f69
-
SHA256
a2630a850064e1aea8c9306f81e86ce2c9580f9b638f3482b88c566f680acbd1
-
SHA512
2768a45bda2b53b35c2663c84480c615ea9e705b531bbaa0978bbe2e799cb3f651dd682340bf6521f2f08794a1672b00ef1f9a3f906f2588ac504de9ce96c738
Malware Config
Extracted
formbook
4.1
g8ni
http://www.er5544.com/g8ni/
nickmowat.com
garethjame.biz
colibrilift.com
vulnerabilitylabs.one
neuro-ai-web-ru.website
16mcnaestreetmooneeponds.com
bestofstmaarten.net
meditelier.com
ragnarduke.com
escueladecampo.com
vongtayvn.com
inmemoriamaan.com
yourpeoplemanager.com
r6-gytr.com
agreeablebeauty.com
snpconfirms.com
tribalurq.quest
purafuse.com
cisco-training-course.com
wery.top
Targets
-
-
Target
Revised Proforma Invoice_New order 657453.exe
-
Size
612KB
-
MD5
e308045d12e0b6080f825145d2c430d3
-
SHA1
9e64bf91fb9bdb86b502dd5bfc0eee1c2376aba4
-
SHA256
2ddee55661ebf37d1232422f9515e93599521c588e750b722424d7ac5bc48ca4
-
SHA512
d65a3d2cd96fc92e5d467d18cd3891ba044b289bcc331dfd522a3bbf555caf881cfabd7e90de00af4be7c3ac4c46093490935e20d41729337b163428e53f66d6
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-