General
-
Target
5b3e128e3d2f94bf536d156207f1c0758dd0ae178496be9e5c82db419bf138e2
-
Size
396KB
-
Sample
220625-lly9bsfadr
-
MD5
8a7e582e85cb994d6f0d728cf8de1a95
-
SHA1
551b6792a7651524790411bdc36211b273bcf6fa
-
SHA256
5b3e128e3d2f94bf536d156207f1c0758dd0ae178496be9e5c82db419bf138e2
-
SHA512
baff739c3f1213f72d7b64291795156d1ad9fdc9fe8ddb28c244262b6ad2a46af8b1d2786195be6d9aced2f8da256c1190bc02d37689d8d3b8f2640ca97d88f0
Malware Config
Extracted
formbook
3.9
h376
sentyrzproperties.info
onlineapplicationservices.com
cheesecakedays.com
royalanthem.com
mayortombradley100.com
tpcomsoftware.com
sed26178.com
returngenius.com
paypal-account-secure.com
smashsoluciones.com
fineefeed.life
saja.ltd
hurricaneirmaclaimsfl.info
7069192.com
karneshomegoods.com
349h.com
per-neters.com
zzshenghua.com
uresuncoast.com
meu-condominio-online.com
Targets
-
-
Target
5b3e128e3d2f94bf536d156207f1c0758dd0ae178496be9e5c82db419bf138e2
-
Size
396KB
-
MD5
8a7e582e85cb994d6f0d728cf8de1a95
-
SHA1
551b6792a7651524790411bdc36211b273bcf6fa
-
SHA256
5b3e128e3d2f94bf536d156207f1c0758dd0ae178496be9e5c82db419bf138e2
-
SHA512
baff739c3f1213f72d7b64291795156d1ad9fdc9fe8ddb28c244262b6ad2a46af8b1d2786195be6d9aced2f8da256c1190bc02d37689d8d3b8f2640ca97d88f0
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-