General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.29221.12172
-
Size
478KB
-
Sample
220621-d362haadfk
-
MD5
cd6b78a456e3f72a4a48c866602bc617
-
SHA1
8e56e555ba4a208f038730c1d89a8fc1b93b77f5
-
SHA256
4b8c3b49cc5ceaea396ffc0444d625d7cc3c231b973f2775a23ab3cafece504d
-
SHA512
be706bbfa28e6de8d1721739c505ab77762563f47a65578119620e5ceca1e7b9f2010171abce9d4b79f7c2250f6dc5433448a0825038be96d5a1578a44f6a933
Malware Config
Extracted
formbook
4.1
t19g
playstationspiele.com
cakesbyannal.com
racepin.space
anti-offender.com
magnetque.com
farragorealtybrokerage.com
khuludmohammed.com
v33696.com
84ggg.com
d440.com
soccersmarthome.com
ofthis.world
fivestaryardcards.com
lusyard.com
gghft.com
viajesfortur.com
rationalirrationality.com
hanaramenrestaurant.com
exactlycleanse.com
martensenargentina.com
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.29221.12172
-
Size
478KB
-
MD5
cd6b78a456e3f72a4a48c866602bc617
-
SHA1
8e56e555ba4a208f038730c1d89a8fc1b93b77f5
-
SHA256
4b8c3b49cc5ceaea396ffc0444d625d7cc3c231b973f2775a23ab3cafece504d
-
SHA512
be706bbfa28e6de8d1721739c505ab77762563f47a65578119620e5ceca1e7b9f2010171abce9d4b79f7c2250f6dc5433448a0825038be96d5a1578a44f6a933
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-