General
-
Target
be212619b97ee6954f65301efb5027961cebf3ac7ce8edd71dda5872442cea0c
-
Size
261KB
-
Sample
220521-bpnxnacca7
-
MD5
8947567c8965dd5dbfbc5ad855a4870f
-
SHA1
056840758e7600d73a2e638990f42ee9c2526dca
-
SHA256
be212619b97ee6954f65301efb5027961cebf3ac7ce8edd71dda5872442cea0c
-
SHA512
ee4ca1131d0885b8cb471e11ceb0f3f09558362053a07dd59cdbf7c744c8c5eaad244ebd4c54cb0dd9df86c862d1ec9b9ba8ddee22e647074bc3a9e409f4a16a
Malware Config
Extracted
formbook
4.0
i032
threecraftybitchhs.com
vmbitcoin.com
theeverydayrootsbook.com
perksatwrok.com
oilspilladjustersettlement.com
actiilifecoaching.com
kbv627xlp9o.biz
masterfitnessusa.com
bit-coin-b2b.com
crossfitpoway.com
van-life.info
start.supply
wonobi.com
volunteerfife.com
steamlish.com
fortituderunclub.com
10sweetmasageparlour.com
2espiritus.com
free-part-manuals.net
gocier.com
Targets
-
-
Target
Payment Slip.exe
-
Size
305KB
-
MD5
959cc1d1577952988bee9d96237dc04f
-
SHA1
11942e192b6f5f4bba6947653fb070385f42998a
-
SHA256
9e5404dae4cf7c22028a3d09e99fa532a1f14e0636aa8112d177933a8b066b6c
-
SHA512
30e5e5f62239042b905a01c7d51f52f7be5668dbe23d4ec63b3a0c8e50f9ccb2f770fce1efbcd3914e842f0762838f8eb0ed9db1eb1fb670c890caaeece8fb70
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.
-
Formbook Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-