General
-
Target
3fbb47e7bc46a3d84ecaaf0746ef0bd241c3b82c035d83c5d7601b82fd7d7479
-
Size
222KB
-
Sample
220521-nsw4naeah6
-
MD5
8463509e179f09ddf02a58e1f0e8c8da
-
SHA1
c65de66ac67174e28f241b081beb48698b57a44c
-
SHA256
3fbb47e7bc46a3d84ecaaf0746ef0bd241c3b82c035d83c5d7601b82fd7d7479
-
SHA512
6c41af7fca741efb4fff50cd3b4689fc80cf194f58df76680c71c2cd4d30da6dc32944001649560d52a59512b2c2a5231bfb4190f65e489b6e5e71ec57ee509a
Malware Config
Extracted
formbook
3.9
nfl
giacamp.net
qb51.party
mashalevine.com
russiasexdating.com
jitangyy.com
morockin.com
karoreiss.com
tractionhero.today
bienvenueenprovence.net
stormharbour.info
61999h.com
tryandcert.com
bestwaytosuccess.com
laobaochang.com
otomatiktente.com
rehpb.info
ivpdqb.info
dc-wv-wv-ie-q.com
goingmagic.com
cimachain.com
Targets
-
-
Target
CONTRACTS.exe
-
Size
329KB
-
MD5
cde2c4c399ad674bdc2a8e0d055ce60c
-
SHA1
5393cf369b6a3577c195339680f97eac0d7248aa
-
SHA256
8efac0f1a783fbe5627c1fca4c211583bf045bd5671d89df9418220d66078c11
-
SHA512
b999661383669b0225187bd99dc5b4692ef4250a913b95a8e1900eb66b54f14e705de5e462e72551da6c66f004dd534df15c7ab47c735ae48bb5adc515e41a72
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-