General
-
Target
New Order WID-12874 (VT-10622)_SCHW_Juni 22.bin.zip
-
Size
663KB
-
Sample
220719-l99pzabde7
-
MD5
91b5b93c27d5169f4a4d4fa61b2f41a3
-
SHA1
a7a6343799a214a47eb90267fd31278bc6150a54
-
SHA256
489fa719739ec1613adea999befb747412438ad80d401908f9c52fa351e36941
-
SHA512
e3b8965c491811df7181aa104b70fb056a6be11176e1bf5f701c5e47b12a554fa0629ec97965c2b62975dd8db5904667c6ce7f515e6fe4638ccc911eaf1c0c2f
Malware Config
Extracted
formbook
4.1
t19g
playstationspiele.com
cakesbyannal.com
racepin.space
anti-offender.com
magnetque.com
farragorealtybrokerage.com
khuludmohammed.com
v33696.com
84ggg.com
d440.com
soccersmarthome.com
ofthis.world
fivestaryardcards.com
lusyard.com
gghft.com
viajesfortur.com
rationalirrationality.com
hanaramenrestaurant.com
exactlycleanse.com
martensenargentina.com
Targets
-
-
Target
New Order WID-12874 (VT-10622)_SCHW_Juni 22.bin
-
Size
709KB
-
MD5
32613271f1feb2834ac33ea16807496f
-
SHA1
40cde9168a856b0b0b05727cffb6977a641b2274
-
SHA256
fca8d992734405f7ad3c622fa1f990f7b0e1b3949b6a174ad5b1f8a929f93dc9
-
SHA512
52fb48e81672996925385d681c30aca3d59e9f29b6737caf440461cdf181d7f384bc62b56759bf08be1fa875fd756437e511c39408a8477516422cb4859c0170
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-