General
-
Target
aaf433c2a97b43083875cd68addd1916972f8f9d4cbf1f69d8e835c593714f83
-
Size
213KB
-
Sample
220521-mmdvfsfbdn
-
MD5
80ffe4a0793284646c0753ed08f17c46
-
SHA1
d44e8d38cd1303dad5fff3eaec3c31e2fe179325
-
SHA256
aaf433c2a97b43083875cd68addd1916972f8f9d4cbf1f69d8e835c593714f83
-
SHA512
d5904ad03dc89050d9da75bf5d1a7aedb3c448382074d799b08ce58cb04c11d5afa0077c054e2ae9c2c60f07a25afe7722af322d6d443354977699dd8469ef7a
Malware Config
Extracted
formbook
4.1
8utr
krizeye.com
grupojoga.com
dgptj.com
aaclewyo.win
alyssamckinneyphoto.com
thedyeworksbv.com
getrichclub.com
founderscard.net
mcclainpick.com
vault.estate
amriglubal.com
erachain.ltd
elanyawine.com
whitedogblackcatgb.com
pnroiz.men
worlviewtravel.com
foundbyfind.com
hurst-mail.net
cottonpowerbd.com
j-lavainechampagne.com
Targets
-
-
Target
New order.exe
-
Size
281KB
-
MD5
44d67d39cf033d2b1c5f669e181456dd
-
SHA1
93fa54a9399eafe1faf0810fc6f7d4c1daa77ee7
-
SHA256
7292b78a638622778908fde4d5ff1f66b4d2ed905a0f36622b28da645e0f0faf
-
SHA512
d549df5a78f54f51ac601263a2b61c69ef328a6cb2619244b1428b0ec46895722c7c89f8541820d03e943a0a6d39b89552c830ea156b08413ad4192c4d995d21
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-