General
-
Target
a685ef015cd917062593f1f2557716642d172cfa65825efa682edf4824bf3b78
-
Size
380KB
-
Sample
220521-n1tcqshehn
-
MD5
97b623462b7b07e99f885aea83253700
-
SHA1
85f6437e909af9d25e01e542e59434d663dc2b2a
-
SHA256
a685ef015cd917062593f1f2557716642d172cfa65825efa682edf4824bf3b78
-
SHA512
3da7d7a33fbbe099db80d0f231014acde14d1f9f34c766ffa3af769b5fb3e8edef2b802c238edf5a76a2261ae900dd3bf42aab696ba1bc3cc4462b3e60545cae
Malware Config
Extracted
formbook
3.9
t9v
jasminechristi.com
1857diversey.com
thelensoffaketruth.com
408man.com
littleblackwasp.com
ichi-yoshi.com
maleselfcare.com
arizonaindustrialhempland.com
misfitfounders.com
healthinsurancelogin.com
yint77.com
uniquecoolcaresystems.com
544idf.info
flare.rip
networkcoinbusiness.com
mogoll.com
printshop.store
awcpnw.com
smarts.click
homesalelab.com
Targets
-
-
Target
Inquiry No19P6200862 and Quotation ANPHANAM INTERNATIONAL CO LTD.pdf.exe
-
Size
697KB
-
MD5
f392ceacd82ea446e348f459b20f02f0
-
SHA1
379afc08c5e58d575c4824621d23e155da2e6d39
-
SHA256
cb2a5c008da8596abab470177843e9a28e4ec8e604e8518d586062b6955e348c
-
SHA512
c4a58c51b639dd374c441b626287a6627e5fe807f6499fdb6cea56341bc17accb1896493e2f86a92e9e761e031bb471042ff95561688cf442688178e83251c73
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-