General
-
Target
53b80c327454a3fb82a2b1b5eac96eeaaf91b3b309fdb4d8a3c8cc53d8ea1696
-
Size
230KB
-
Sample
220521-mmhhmsfbej
-
MD5
5b4e54d72fa3294227f9591e2cfacd89
-
SHA1
b6dd402d0ff58f6a04fd733d1c9fe0daca3d5130
-
SHA256
53b80c327454a3fb82a2b1b5eac96eeaaf91b3b309fdb4d8a3c8cc53d8ea1696
-
SHA512
2b6b95d90f501469a99a78807964c378aeb28a9c49495de578fc9f3cfb2cf9cb82ada96c674dbe585571e640d19bf29a7f7338e834913de3e18c8a3ed61c1e3d
Malware Config
Extracted
formbook
3.9
ms20
ginayjasive.net
unique-bruce.com
marcaschingonas.net
artandartistonline.com
creditcubeaa.com
jnlunwen.com
adriangallop.com
gardenmebydjnui.com
dakdekker-utrecht.com
padmatrades.com
esseconsultingllc.com
heisenlintec.com
110431.info
posseco.com
team10hoodies.site
sciencewtour.com
paigeslife.com
idea-asesoria.com
crypotland.com
862575zk.info
Targets
-
-
Target
Payment_Advice Ref_G51433980115....pdf.exe
-
Size
311KB
-
MD5
419fdeab3e062e913643037511fee430
-
SHA1
3c11f5dfdae578ab1e7afb87f05acf9477ee28cf
-
SHA256
76d45ff13654988781428940dab2825a158e15679d0f1faf9615b76a2cbff4a7
-
SHA512
2c108227bb344a271dec116251796049927a4df8fa7716d1b33a20df42fe840ac4f684e3af42bb64944d882bac06c90fd2217d6052cb3523667b3b3529c29a86
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-