General
-
Target
18b4cd72864cf3ac6bd169fadfa6db171d499e5fbbd5795ea3625d01d17d3f1d
-
Size
368KB
-
Sample
220521-bx1w7acfd7
-
MD5
277df4943e7cae4b07b7a60e6c27bf36
-
SHA1
e7bc1928b3925283c9250960c300e1b99bc99894
-
SHA256
18b4cd72864cf3ac6bd169fadfa6db171d499e5fbbd5795ea3625d01d17d3f1d
-
SHA512
36ebd6f45695e7e65d73655d6ca172629c22dd2ce75afcf36abe712efc7bdb2c7248086931dbf98ed0bb18a20e2dadd99f12e084a004c636f40bf23d5fafa0c5
Malware Config
Extracted
formbook
4.1
kvsz
okashyns.com
sbsgamedaejeon-two.com
drb77.com
top5dating.com
websprings.online
voizers.com
zenith.site
lahistoriade.com
qv85.com
armandonieto.com
priestvedic.com
jessandjeff.net
magic-desktop.com
jitaji.com
ldmeili.com
yuwanqingmy.com
buzhouorg.com
chaiseloungereviews.com
m2g8way.com
freespin-support.com
Targets
-
-
Target
???? ???????.exe
-
Size
479KB
-
MD5
0552dc2eb77ff766b362f1cdef722a14
-
SHA1
e00a9c847419d53e21f6edb25d70a79bdf30723f
-
SHA256
c9b141757defd483a6ff17438e86be87e0c1e5bc3d943c15989d84f577def797
-
SHA512
307b9296e101c18a75e7d38f945e486cd3bb7165f3fdc25362a47efcc9530e98b931c6d3c672c08d1c88af9c2cd6afac234e6cfadae4b6ab10dfaf84a80a47a6
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-