Resubmissions
06-07-2022 16:55
220706-ve9wxsfafp 10General
-
Target
400000.InstallUtil.exe
-
Size
180KB
-
Sample
220706-ve9wxsfafp
-
MD5
fe24b17cba6092bd2da1e5a172a33846
-
SHA1
df46ed6222eee121dd697e4ff6c7bab3d077c4cf
-
SHA256
cd375b3eeffbdb97aaaaa7d568e04c92ecb76d99c43894c291c31c24dd0f4e98
-
SHA512
ba8852dbf1cdb30fcc84b97e12b629f3229d83f2d1217ba172917059bc33e9c4227067e13e42346248f33f047cb04632599d2cdcbb96c4fff36aca028553c40b
Malware Config
Targets
-
-
Target
400000.InstallUtil.exe
-
Size
180KB
-
MD5
fe24b17cba6092bd2da1e5a172a33846
-
SHA1
df46ed6222eee121dd697e4ff6c7bab3d077c4cf
-
SHA256
cd375b3eeffbdb97aaaaa7d568e04c92ecb76d99c43894c291c31c24dd0f4e98
-
SHA512
ba8852dbf1cdb30fcc84b97e12b629f3229d83f2d1217ba172917059bc33e9c4227067e13e42346248f33f047cb04632599d2cdcbb96c4fff36aca028553c40b
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-