General
-
Target
a80f0dc7d78c856762061e22220dfe00573b8fa65eea987efe3dc8f7433b15bf
-
Size
202KB
-
Sample
220521-nrf12shbdr
-
MD5
0f1836a97f8fd8b15987266f6a59cdbc
-
SHA1
171f6d5d9bc82351fa672e107b40aa902e660109
-
SHA256
a80f0dc7d78c856762061e22220dfe00573b8fa65eea987efe3dc8f7433b15bf
-
SHA512
e27741559932cd868455275305d982f8ea448becfb2bcc42c603725832d279577ad7c469ffdaef3cd58680868e8b86d85a9765442da35df21b1c4130ccefb9e2
Malware Config
Extracted
formbook
4.1
nbc
cargopower-tyre.com
blackworldbiz.com
pottedtreebooks.com
redlinefanatics.online
service-fee.info
greenlightcfo.com
mypetlink.pet
carewil.com
vippontooncharters.com
zxpcapital.com
dvdgfilms.com
worldsbestduchesses.com
testgoods.top
fujiyoshisougou.com
gage-consulting.com
yifangxuetang.net
imedialog.com
consinfotech.com
lorienttrading.com
ola-tienda.com
Targets
-
-
Target
Quotation.exe
-
Size
267KB
-
MD5
1f2e931a76dbfac440c933b05a2c8e03
-
SHA1
5a88cfede5d282779cd290241d00be1012967c1f
-
SHA256
e8edf009c1c82f348ad925f7f9a34b4f241d52240c6cb43ab4536c4b363d5322
-
SHA512
36d3fe9e87a96782c6444bdad565c3abee88c17905fe8ab8213b33d2af44c48b4dc2b2582f371e897978893b271161c7d0f8b975057038cdc02f589529e31c9b
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-