General
-
Target
6c2cbc8b3f0efbabb281cb15fa0d08b2b805dddfa8028b285e795c6b6ecdda02
-
Size
307KB
-
Sample
220521-da7sbsadgk
-
MD5
fb7b6207d6b7643f9279a7fc2e6ba6a9
-
SHA1
9f83248171dc6312da7fb9afb11b488d49518a2c
-
SHA256
6c2cbc8b3f0efbabb281cb15fa0d08b2b805dddfa8028b285e795c6b6ecdda02
-
SHA512
120acaa3f98e100c09d92804212f1291a2c66bd5dcbd3e5dc9c4a615ca751994ff21c7f860edc5c060e4dd40d3e2d4f5faf3943d0f41ff7344f684d7f0ccd055
Malware Config
Extracted
formbook
4.1
hnh
stackingplans.info
landscapingcanberra.com
apxlegal.com
gzajs.com
senladvocaten.com
stephanieabella.com
indivmgtsvc.com
wildlife-botanicals.com
fingrfull.com
ustar-electric.com
timesharebefree.com
safefirstresponder.com
giliticketoperator.com
silverstarscents.com
4752condordrive.info
joomak.net
new-auto-news.com
ottodesign.store
kxg01.com
chrisoncreation.com
Targets
-
-
Target
PO102.exe
-
Size
368KB
-
MD5
544f97d08c44accf6feb140704686ad9
-
SHA1
198054b26aa1895ae9e6533a449d52dadbbcd0b5
-
SHA256
548f6937985adb04cce6bda4127f3d2af247feada21eda348d1d6a0e8dd7d2c7
-
SHA512
1acc9b9bae1f369d0e717bbd22e2861455b91e942398833004cdf4d8022230a144ea81126a094bb76f509b1281cacffa7e069b2f5c99e6b19621887b904164bc
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Looks for VirtualBox Guest Additions in registry
-
Adds policy Run key to start application
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-