General
-
Target
140ba6dbcbab0fe400ffb839ddf99ee72a7670f81651fefa4e431da69cbdf1b3
-
Size
308KB
-
Sample
220521-ntfhashbhj
-
MD5
969fa6c3c9ed8d2070588778d015a9c3
-
SHA1
90e5cfd30825a9905aa7e89a6cbb5c8825e23aab
-
SHA256
140ba6dbcbab0fe400ffb839ddf99ee72a7670f81651fefa4e431da69cbdf1b3
-
SHA512
399525ab9c6e8040d583c5d22799b5280ed8e854d9151f6cfa680dfdbef671d3d3bfd87f35948ee46853f46dfb15b2d41eec8a0afd7f3c4bfc9fcfe9f0e9e971
Malware Config
Extracted
formbook
4.1
aueq
dewitts.sex
e24b.com
wcond.info
cqycmy.com
pengchengshiye.com
putasmx.com
1e3ten.loan
rnapfrepr.com
exotic-go.com
ogioalpha.com
hsksoft.com
hsjr-media.com
h0a4c6qojbz.biz
shiftopinion.net
subbedepisodes.com
avrv-xjmw-22s-y9.com
europeanmerfest.com
jenniemd.info
gototop.info
shoprachelmonica.com
Targets
-
-
Target
DHL Express Shipment Confirmation.exe
-
Size
394KB
-
MD5
18c2a768940bd8c992818f2c39243a0d
-
SHA1
1542dd490ae68f029f4f98d1156926a67730e93a
-
SHA256
c8cef19967cb820d5e92f85a17ebf98f631de62c9760b1eb1a790cb25961e356
-
SHA512
ac516f7abf1eed59468c69ceba42541b28baa27c3c88fd244de92564ff806641e505605641f357c816978878699420152f58ca71caf0a673ba8c106b513584fc
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-