General
-
Target
WZ454554.exe
-
Size
788KB
-
Sample
220113-xzemmacbg4
-
MD5
58b39c2620cdda3d3fa6a125f476fc9f
-
SHA1
5d2672c79e9dffb2cdeee0d00e406c03c762985c
-
SHA256
fdf39d043cc55d6a72b1fe01c9067bb7591d5c379798499148521e6158afeea0
-
SHA512
98e5dd2734fd7ac0515e834f0afc817de1135503c493c3037f6f1e60c070e24e2f34c53ed08a215affd2f3add1e79cc0e6559c9a02c4431b40c2c6b1a89a522f
Malware Config
Extracted
formbook
4.1
m9g2
pubgnewstatedl.com
guidedwaveradar.com
onlineexitpoll.com
mutationdesign.com
p60p.com
xhcaijing.com
skpcart.store
houseathomes.com
thenorthdale.com
kvkkkararozetleri.com
formecondominium.com
7808lll.com
mitchfletcher.com
thatsawrapfl.com
glrinternationalfzco.com
dbmxkgek.com
feelingfancy.com
nishieihuku.com
newearthhg.com
tenlog040.xyz
Targets
-
-
Target
WZ454554.exe
-
Size
788KB
-
MD5
58b39c2620cdda3d3fa6a125f476fc9f
-
SHA1
5d2672c79e9dffb2cdeee0d00e406c03c762985c
-
SHA256
fdf39d043cc55d6a72b1fe01c9067bb7591d5c379798499148521e6158afeea0
-
SHA512
98e5dd2734fd7ac0515e834f0afc817de1135503c493c3037f6f1e60c070e24e2f34c53ed08a215affd2f3add1e79cc0e6559c9a02c4431b40c2c6b1a89a522f
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook Payload
-
ModiLoader First Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-