General
-
Target
Quotation-pdf.001
-
Size
426KB
-
Sample
220128-r36mmaeggn
-
MD5
e1fa9ac21b46fd0b7c15ba0861494f6f
-
SHA1
038c0107ddcd0ac782cf1b9e0489183fb71f91d9
-
SHA256
b3a1efab40ba72a79ed8b8cc89b738bbdb356940074aee6983a1b21059baa516
-
SHA512
3e2279e2535266486cfa66fbf321445dd99059981107ea72763fc45c9c76a7fc78decee5809fffd07717b3d2dddf748597f3d02d7f7fa5866e8c9ba86de42668
Malware Config
Extracted
formbook
4.1
m17y
dental-implants-us-prices.site
eolegends.online
drskinstudio.com
miamivideomapping.com
cqytwater.com
fesfe.net
dlautostore.com
wwwpledge.com
trynutiliti.com
551milesoak.com
jemmetalfab.com
teamtrinitysellsncarolina.com
injurypersonallawyer.com
r3qcf2.xyz
djellaba-boutique.com
t6fwagd.xyz
lm-upto100.com
shyashijz.com
classicbasilicata.com
exactias.com
Targets
-
-
Target
Quotation-pdf.exe
-
Size
573KB
-
MD5
43be7a6cfb1c2fae6ad5c9e0440be4f8
-
SHA1
af4be0100e8c2b00ec1d821d72d15174ab2197e4
-
SHA256
0337d7784d4021b8467b2652f8c6ca9703732a0f132a1aebcafae37673db026d
-
SHA512
18a88af955dda3fbfc44a44ee72f8dcd32aefcc1d998316980bb235b485de6b6fee09b1322a5bd863cab5036c6b9b16c6a8aaf30c918ba5862c5b83b29406643
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-