General
-
Target
Promar Industrial Chemicals PO.lzh
-
Size
373KB
-
Sample
220128-qzpz2adfal
-
MD5
bb8abf2a56123e1a20a22b1fed1b2f39
-
SHA1
440b8c61283ce7cc64225c02f00471c9f0a63306
-
SHA256
24297af3766db60f58d626d2c31e8647b2c596259a26d067481916c8cd16091d
-
SHA512
91864c86e5af76344c0a51e0701da42881772c3bbe0dbf38b5eeba32423ba8141a8a0ec0f395f2cbd9c797e72db192c374dc94c94cb10800dbd5f4a062ab39d7
Malware Config
Extracted
formbook
4.1
n2t4
livingthroughthechaos.net
videobuzzmedia.com
felineformulas.com
theorganicbees.com
bizoeflow.com
gtbcked.com
immortalapenft.com
pacherasrl.com
defunddrip.black
fromefarm.com
newmedicalnetwork.com
nikosblue.com
kaecfu.online
arcane-stylish.com
7ox.info
osamaabuzawayed.com
noemielatour.com
baccaratjava.com
latinfoodandwinefestival.com
magiclandstudios.com
Targets
-
-
Target
Promar Industrial Chemicals PO.exe
-
Size
419KB
-
MD5
c368451b88a7831a71d9f9e9cbdf6ce5
-
SHA1
dfd8f1ef334550cd94763e0bc60b5b4f243f3ebd
-
SHA256
2d982a64999857ad75996e06f4a858c43b1bd5e17422195414de62d5e344e413
-
SHA512
52c9208cad6f6ff477b4013d32e3b5f15a8e71d4b33dcc8825c21d7c5d0ef00dcbd9b805865340d57688fcd51726ddc5b0b74b6167c0586c7e0e7a6192fe1d17
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-