General
-
Target
8f48e9ea8fcfbc03fff80a621f21db65da0e777dc16fb62d97b5f4e4e0511dc7
-
Size
274KB
-
Sample
220521-paqdtsehe8
-
MD5
b1ce68a3db1a65eb49e88f649b215b3a
-
SHA1
2b1a329fa1ba49e4616faf210562f8a6a740c0cc
-
SHA256
8f48e9ea8fcfbc03fff80a621f21db65da0e777dc16fb62d97b5f4e4e0511dc7
-
SHA512
38e8f3932da34ff6688f7fce2562db835c4eed3fb3ae731d41c832d8e243089fbe2495b408844d0803c8213c16ec5d981f36c427358488c9f301bda3ac58dccf
Malware Config
Extracted
formbook
4.0
ngs
logismatic.com
smartfinanceclub.com
littlefingerkids.com
aibus.ltd
presentphoto.com
bilregister.info
feellightinbodymind.com
ulmansails.com
grovegaea.com
butt.gold
designersescape.com
ucuziplik.com
cekmiyor.store
villaniproperties.com
1buybuy.com
solarpanelchina.com
healthbenefits.site
sky962.com
xn--bent-8qa.com
alltraffic2update.download
Targets
-
-
Target
Inquiry.exe
-
Size
334KB
-
MD5
1a7fd254210f7ad82f72bebb508c6f19
-
SHA1
1225574ff9386945611656ed77925134d71f4c71
-
SHA256
1b4dea59e406d410a3d0d1ea8245c339fa8f5eb925f1378a09b0ee812c06508e
-
SHA512
0a6e328a22fa3fb42c27af80c0f104a3baf0520590fe1b508fa301d3cd465cf71a3434f04692676f6c45e13113f2045953a8c7800a53784fc2564934419dfe92
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Formbook Payload
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-