General
-
Target
ea03bddaf3ee776f78eb33a3ff355cc2ffdc9a610ab086d49f28dffce00d8c99
-
Size
500KB
-
Sample
220201-de23msffdk
-
MD5
67266005c2ad6efb534732a0c040ca97
-
SHA1
d8fbd5d7da7785c5011e93c1e2f642fd21f29543
-
SHA256
ea03bddaf3ee776f78eb33a3ff355cc2ffdc9a610ab086d49f28dffce00d8c99
-
SHA512
95abc23a82e5e544134fa89d7e5ffb9ba258f72b872b1bdccfdfb0c12fba6b28cb34ec480ba347298d42788eee839580780c058daaaaa28b235f30b8af51775d
Malware Config
Extracted
formbook
3.9
sm
ccsicards.com
dvarchi-design.com
dwhaywardarts.com
alarabiya-online.com
iceandcoal.com
biangl.com
urbemasafaris.com
les-lampes-de-lateul.com
cloudypro.site
redsystemsllc.com
louzanfashion.info
gozdeayvalik.com
care-care.link
samuelthomasart.com
gogo242.com
blitzkriegproductions.com
ttwpiv.info
sylactus.com
crossfrformula.info
getpeopleresults.net
Targets
-
-
Target
ea03bddaf3ee776f78eb33a3ff355cc2ffdc9a610ab086d49f28dffce00d8c99
-
Size
500KB
-
MD5
67266005c2ad6efb534732a0c040ca97
-
SHA1
d8fbd5d7da7785c5011e93c1e2f642fd21f29543
-
SHA256
ea03bddaf3ee776f78eb33a3ff355cc2ffdc9a610ab086d49f28dffce00d8c99
-
SHA512
95abc23a82e5e544134fa89d7e5ffb9ba258f72b872b1bdccfdfb0c12fba6b28cb34ec480ba347298d42788eee839580780c058daaaaa28b235f30b8af51775d
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Sets service image path in registry
-
Suspicious use of SetThreadContext
-