General
-
Target
96a45aa6b11334754407ad348675045fc8b38ee42300b1c1a1890db528c55484
-
Size
447KB
-
Sample
220521-n36qvahfhq
-
MD5
40dc6e85f87183665ea359fa7f987c4c
-
SHA1
8c486f214d8a89e02581e96cf5582214452bb750
-
SHA256
96a45aa6b11334754407ad348675045fc8b38ee42300b1c1a1890db528c55484
-
SHA512
fde19c1c7d7eb0b00335422e644db0ffcdba5612ff4edbce065e7c5454458b842721806ed3d38b9b95daa099512af35f10ca43b68a23a5d91dc48fc820af6ec7
Malware Config
Extracted
formbook
3.9
b5c
cyb-eight.com
preciso-de-dinheiro-urgente.com
ddanceboutique.com
workerid.com
maidsmyway.net
l5-2rich.com
lifecreatestyle.com
xn--nachschlssel-klb.com
pregallery.com
koolbeli.com
seprh.com
balootweb.com
376nvx.info
ecardrive.com
northcountysdkids.com
leminhezuoshe.com
uploadmetothe.cloud
privatepracticeangels.com
bourse-boursorama.net
amberree.com
Targets
-
-
Target
PO589698480055.exe
-
Size
643KB
-
MD5
c3b570985ebb19c8b6fefc9fdaf74760
-
SHA1
bf022fee032f9911a0f87ab056e9a28571d18bdf
-
SHA256
5a67dee45b2e60de47e22739c8be8614f31cdb4acbaf554f37d06ea41ddd8762
-
SHA512
ce762bccc0d924f2bf02711ef760c00c8333afe4475b7409fa89c79bd584422436d922a9d3b5d7592212bef401b9db51a4d7280c05b68e867f402de8ce09ea9d
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-