General
-
Target
4184ca1e5732bedc5d0053cbc95f7792-sample.zip
-
Size
565KB
-
Sample
220804-s89rxagec9
-
MD5
7336838c0b37763faa7e88f7454a2283
-
SHA1
c8b732d0679990abaae2f6e8d09964541a9195e9
-
SHA256
fe6881ed33614e4bad0b45c0500ca544a65ddd0efe2a8b8fc1e5b605bec9ec5c
-
SHA512
93d28dc09ba165d8f3b4be425daa6c463ab7421734d7046400a36fce30e759c7e591b1fbfbc74123b8be21b3c64e483df0e52c169d4717ee0fa57975e562ff59
Malware Config
Extracted
formbook
4.1
de08
retirecloudyyard.com
fabiyan.xyz
chrisarlyde.com
selapex.com
vivalosgales.com
specialty-medicine.com
contasesolucoes.com
satunusanews.net
allyibc.com
alameda1876.com
artofdala.com
yukoidusp.xyz
steeldrumbandnearme.com
stonewedgetechnology.com
kentonai.com
macquarie-private.com
ddgwy.com
megagreenhousekits.com
descomplicaomarketing.com
inclusiverealtor.com
Targets
-
-
Target
Confirmaci?n de pago.pdf.exe
-
Size
699KB
-
MD5
0405849afe352cb943b5ef38e33e5f39
-
SHA1
047a2fac7f1e5d59340867c99d14f90adf5a1a16
-
SHA256
64ac613672e24621e590d79800c1028624f90cd6edbab8b64c9608c17497e8bb
-
SHA512
2c5d7f66479715141353ac2012ab102c56b7dec980e428d8bb39e17ecfdaea0a2baa304eaaf406772ac972d9e17e4a3912568ef9d7ec45f0afd8d20f735ce981
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-