General
-
Target
83972d9fc2f49b8557a13e1c5b3737d3c03ab53410d7989eaba975216d7be2bb
-
Size
279KB
-
Sample
220521-a8bwrsbdh9
-
MD5
fd5c2c17858aa3ae319a4b947cac03e3
-
SHA1
3000982fd9363a35bb9a6195fbe872dea9ff9754
-
SHA256
83972d9fc2f49b8557a13e1c5b3737d3c03ab53410d7989eaba975216d7be2bb
-
SHA512
05faf678616e71d8d58beb4ef0c4204aaf4fb3db18109a5c7b4bdf97a699965867d4c1eb8edb064fe54333d3e023924f5d5bae3c30128f7ca551092d5541d618
Malware Config
Extracted
formbook
3.9
m6x
990939.top
dhluxuryconsulting.com
muapnvnsfr.com
homder.com
valveiran.com
alkhaleejtrading.net
jekweiss.com
kevinklasmanmusic.com
buyilovebacon.com
nq227.com
cryptrproject.com
medicine.mba
nufilter.info
highway99restorations.com
phytohealthkits.com
accentuatephotography.com
tradeclimber.com
yasseralm.com
ito-agri.com
divandaman.com
Targets
-
-
Target
Quotation list.exe
-
Size
378KB
-
MD5
3617db6af880e252d22998f0172c4b1b
-
SHA1
debf933d05217678743203fb00dff0b86dbc03be
-
SHA256
8256c24d02c5a109077b512ce3b45d7f95bf38cc01c33a968bea89f244f48e40
-
SHA512
50567cf8853a9b58dc8b23aa4a3bbb5abb9a449024751eadedda1c3bba935bcd61d8a58568e7006f2ba70782754d3a49a115f5974812e652499592751d977245
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-