General
-
Target
c3e06adac1de1ffc979fb03a2568122dd2d9df5317ac929c65b992502613a073
-
Size
449KB
-
Sample
220521-nd5ggsdef3
-
MD5
1ebd9f034bf51511c62005f93a9cd7f4
-
SHA1
5cccde19188452521633249332e746c2765a6f3a
-
SHA256
c3e06adac1de1ffc979fb03a2568122dd2d9df5317ac929c65b992502613a073
-
SHA512
a6d8ab310ca5e844a3b67efc1c17ee255af90f957f466c5010ce979a1e7625c9db79c55f7e72f58fb966f32894e6260b5584db6792d3880a85d25071229256b2
Malware Config
Extracted
formbook
4.1
q5e
2177.ltd
thanxiety.com
max-width.com
fixti.net
mostmaj.com
mobilteknolojiuzmani.com
historyannals.com
wheelchairmotion.com
mossandmoonstonestudio.com
kastellifournis.com
axokey.net
peekl.com
metsteeshirt.com
abcfinancial-inc.com
btxrsp.com
amydh.com
ccoauthority.com
lumacorretora.com
kimfelixrealtor.com
iconext.biz
Targets
-
-
Target
Purchase Order-0096005.exe
-
Size
574KB
-
MD5
e90d5fb481511c5d3c844529fe20ee00
-
SHA1
8f03158dbe6edd2a6fdbedbf860f5905030202e1
-
SHA256
89819dbac176147b14b878250b43d1954844e6f0d4bace8b4607bad4405ca96b
-
SHA512
dd1d22fe8b35bdf1c9cc1dfc926666b58e454425fcee33c2168a604a6c852b7137592b896e38cd35caeb1215b7073beb7e5e9aa6d53ff55e6eabcb69d6fb6ff7
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Suspicious use of SetThreadContext
-