General
-
Target
69afd5a7f3e675cd53cbac316fba01e77db7139363e1ee916b5a740b3dea3ae9
-
Size
319KB
-
Sample
220521-n6zrpshhdn
-
MD5
698638db7a96e14eadcb84902738e496
-
SHA1
403c667e8efc4118a01719d0b159d334699aa1a9
-
SHA256
69afd5a7f3e675cd53cbac316fba01e77db7139363e1ee916b5a740b3dea3ae9
-
SHA512
96e02189037e1f03ce1c4951405dec77d86cf1630d180a12d2969df0d00aa238e7343b739b328b2af0b94d145733e63f1e94b0cff2b66e6d395c60fa14d9e912
Malware Config
Extracted
formbook
4.1
i0qi
mytakeawaybox.com
goutaihuo.com
kuzey.site
uppertenpiercings.amsterdam
honeygrandpa.com
jenniferabramslaw.com
ncarian.com
heavilymeditatedhouston.com
gsbjyzx.com
akisanblog.com
taoyuanreed.com
jasperrvservices.com
yabbanet.com
myhealthfuldiet.com
flipdigitalcoins.com
toes.photos
shoottillyoumiss.com
maserental.com
smarteacher.net
hamdimagdeco.com
Targets
-
-
Target
PO #78574764 June 4-2020.exe
-
Size
422KB
-
MD5
130322a1fd284d7d585221381038c584
-
SHA1
620933b28bb9de45a0f72a415c0bfc85efcbb442
-
SHA256
2bd1995c8c2b3f35906807ce4697151cf801af339579cd7b86e467df6474dafa
-
SHA512
3eaacdf8edd846d27059a04217540f561f8e592b537ce57412b45b67f797b7b25f8f76b7158ada512567a6f642911aa425475da656c29d7524d0995684d466d5
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-