General
-
Target
736b7cd2f4c5db0fbb9fcd8a5f7f941e83c4133ed14571d59eac5d754019aaba
-
Size
275KB
-
Sample
220521-ngys4sdfg6
-
MD5
204ad0e3f63de178838bca61f24db8a9
-
SHA1
fe188477f5f0ef144e25d0fbd3deb3a3461cbdd2
-
SHA256
736b7cd2f4c5db0fbb9fcd8a5f7f941e83c4133ed14571d59eac5d754019aaba
-
SHA512
987b08d8843c7da8043d5797b151175f8af6445ee32e9bac841efb81a6ac0bf7d6eda1bf09fcd8735c12421885ad8a4b48a2181e91cfd0d556ab57a467951aa6
Malware Config
Extracted
formbook
4.1
4vx
kontinuer.com
outofthebluelove.com
docentrood.com
emowm.com
jsa862.net
kshoworld.com
kumsalkorel.com
adrigh.info
goldentrianglerv.com
youkuy.com
lindaclijsters.com
audreyfarley.com
alasitter.com
uscar-boerse.com
successwithfletch.com
474opebet.com
xjlfb.com
doingworkabroad.com
0pe864.com
ittestperfumeok.live
Targets
-
-
Target
invoice.exe
-
Size
326KB
-
MD5
0060b9cfb3b239c92f18f3b1ae7d8c3c
-
SHA1
7170ef2a931341c0c4fb152c1552a5049eca68ae
-
SHA256
bb973839df53081c969a7e6647bdfc2d3090b43b496fe8e2244a51a604264112
-
SHA512
46e234941eed5120dc8fdcef173a34580c0fa0f28e8903729dec8cd22ebebbc8c489f0a10ede740a7ecd8b821fe6376e13aeb731ecad3c6e871233f155f2ceea
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-