General
-
Target
923cdb496689db82509ef78fdd3cebaa75e1590475693383570c20457929c3dd
-
Size
198KB
-
Sample
220521-mmglcacad3
-
MD5
55a381cffe215a75123e8f36863ae53d
-
SHA1
d2c0f0cd5226c04fc5b60e491f65620341ceeb36
-
SHA256
923cdb496689db82509ef78fdd3cebaa75e1590475693383570c20457929c3dd
-
SHA512
6d5f3c3fc4d7f97e475650cc7c3ed1df8ec81a4c28c846e7f043bfbb7c63b62636de1f0696bd91c749a0c4d9f6f10a37b1cd97830b1e2c48bbe6f960453ac2fe
Malware Config
Extracted
formbook
4.0
lgm
somethingspecial.net
brickmachineequipment.com
asapprintingsales.com
wbmason.jobs
acu.ink
santandier.com
theboxofficemovies.com
tv16507.info
richardzacur.com
eurosevi.com
reformasydecoracionesrian.com
1x1zeroautumn.men
peipw.com
wurzburg.city
kidstoyscheap.com
star-pump.com
mimarsinanresidence.com
indoorgolfschool.com
livinitwithlou.net
cailiaowenda.com
Targets
-
-
Target
HSBC Beneficiary Payments Advice.exe
-
Size
350KB
-
MD5
284711c4fcb079feaedf50fe4083871d
-
SHA1
d3139e234e220719545cd01228816c90526dc167
-
SHA256
b57c9384280389b262d09cb4fa5b5465aadd4aaba2afb6d48c5d6e7c3f8d923e
-
SHA512
30d344472900a40fb08c0e5407c032de16fd083e5b59780e1f63e542caded8d1e2c36c991b4d8dbe302e6fba9745d7488c27cd29e356bd92f273494d2a05e756
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-