General
-
Target
b45a38f7012d02b12d3613d25450847d87c14c9b3207380594fc5e1f1b1728d9
-
Size
510KB
-
Sample
220131-jyn8sagggk
-
MD5
9e50ed09439b4f2206f6cee1b233677c
-
SHA1
719705903de481a3c680db18f8cef892efef3dc7
-
SHA256
b45a38f7012d02b12d3613d25450847d87c14c9b3207380594fc5e1f1b1728d9
-
SHA512
927789d6fca24317b1cc41825485cf06cf337204d8007b32220ef2fb28ee48275102a9148682336f76e7586e5ed714d1de2098c08886ea1b76007880a5c45d80
Malware Config
Extracted
formbook
4.1
bt33
mbaonlinefreedegress.info
myforevermaid.com
daoyi365.com
weientm.com
legal-mx.com
formationrigging.com
heidiet.xyz
school-prosto.store
healthvitaminnutrition.com
digitalsolutionusa.com
little-bazar.com
jnbeautycanada.com
optoelek.com
learntoairmail.com
hawkminer.com
kingofearth.love
ktnstay.xyz
zouxin.love
mainlandpr.com
mamm-hummel.com
Targets
-
-
Target
b45a38f7012d02b12d3613d25450847d87c14c9b3207380594fc5e1f1b1728d9
-
Size
510KB
-
MD5
9e50ed09439b4f2206f6cee1b233677c
-
SHA1
719705903de481a3c680db18f8cef892efef3dc7
-
SHA256
b45a38f7012d02b12d3613d25450847d87c14c9b3207380594fc5e1f1b1728d9
-
SHA512
927789d6fca24317b1cc41825485cf06cf337204d8007b32220ef2fb28ee48275102a9148682336f76e7586e5ed714d1de2098c08886ea1b76007880a5c45d80
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Sets service image path in registry
-
Suspicious use of SetThreadContext
-