General
-
Target
fa727bc89057fa9b33dbf9a20c1d0800146f05a28bbad527ed2a836c2fa4e2d3
-
Size
324KB
-
Sample
220521-ntwjhsebc5
-
MD5
c2cdc3dba69f5f5eb6f75ec52fbfcb79
-
SHA1
52de4fd06cf85232fa909fee03107e26a25349e3
-
SHA256
fa727bc89057fa9b33dbf9a20c1d0800146f05a28bbad527ed2a836c2fa4e2d3
-
SHA512
287808dee129c6c6c48e9f7bea9111882926cd2db78f92588d4d6bf43f535c37432d8ce2b71a994443627794296a9a825c31cfdb290741a89426e58c3a24280d
Malware Config
Extracted
formbook
4.1
3nop
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
Targets
-
-
Target
List of our purchase order.exe
-
Size
1.1MB
-
MD5
94c591351a9f0c0e8c61ee32b1e4bed8
-
SHA1
37c19b86622d1a9725a87c288af816aadda575a2
-
SHA256
017f433a49afcc765c5a5e7f39de6251fbe37d9c98f7d86f1abcefb1a9f559bc
-
SHA512
1b768f633f2d748a59a967f767eec9300e467163fc907b65c4b520c538bfeb89b7f957a566b365bce813ef9d47eb6e1372e3451b4527a62e37e9dcd30f4c0241
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-