General
-
Target
8bc47d513146ea22cbc57cf1654e5adbf2b80c17a75bc85d6cd1e7b7c389b2d6
-
Size
440KB
-
Sample
220521-net25sdeh7
-
MD5
6f1f6727c40f68d315355dc76532adcc
-
SHA1
b4a25f3f9cba688a91adf65f14fa1ea9cca50d32
-
SHA256
8bc47d513146ea22cbc57cf1654e5adbf2b80c17a75bc85d6cd1e7b7c389b2d6
-
SHA512
fe9b87464420a58ef5f6b8ac72ca9eb3ece1e90b9fb420d6f45eda9c13c1a8fa8d2b278e80c25910889d2325deb1ff43a9b67ce3a8a9ceabb4408cfdd9898a74
Malware Config
Extracted
formbook
4.1
pac
keloke.info
ourrips.net
preparedtrafficforupgrades.date
1000venetian.net
millionairethreads.com
electrosupert.com
superhero-martialarts.com
3dpersonalcare.com
simpnk.com
excelatseo.com
24bodytransformation.com
corp-service.com
baogangjc.com
lottyh.com
thenomadicempath.com
realestatespecialists.net
gurutheon.com
sswvasdc.com
ventecoiffure.com
greatbritainstampsonline.com
Targets
-
-
Target
Procurement Agreement.exe
-
Size
551KB
-
MD5
5619bf6aed56992a940e39c1902574ff
-
SHA1
fbd95ede3e0c607774f29ac3e275e20274338f71
-
SHA256
0ffe3a2c15dd0469d00b515316cdf09ae0e6b4dbbffe106297cf7f7d0d1b8197
-
SHA512
b2bf7a85ccc6c7b4ebf206fc39f48121fa18a8047876a5c69faaea2770fa97818632b3d641691f628cd4ba8599294037220145ed67eda127cd973dee297b99bc
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-