General

Target: SecuriteInfo.com.W32.Formbook.AA.tr.17194.exe
Size: 975KB
Sample: 220916-nc5e4affb8
MD5: 5c5f6418364d135500080bcbaecf1be1
SHA1: 718544eece57175e5d34e8f2c02264ffd08cc98a
SHA256: 44db6b3b48500386767c3b65e1ccc784a41108486ff999a8d3be6e97b828ab87
SHA512: 3484ab14148aa6b370dc1f789e6e5b0fcb54ef7bda2f0d73bb701c7acc03fc61afb106b15d57f8332a4359331abf080e0cdf42ee0dfb52e0f72b36203c3bd90f
SSDEEP: 12288:Mi8HjEB1mpzdFnoIvtUg2jIEsnciI50wv2ykDooyZGbR48yArhf7fvqd2222222P:MvD+mpzdCIvtUjmnzfXooX48yAlv
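Before relying on any of the signatures below, confirm that the binary in hand is the one this report describes. The following is an added example, not part of the report: it embeds the report's four digests as constants, streams the file once through all four algorithms, and reports per-algorithm matches. The file path passed on the command line is an assumption; the `b"abc"` style inputs used for checking are constructed.

```python
import hashlib
import sys
from typing import Dict, Iterable

# Digests exactly as published in the report for
# SecuriteInfo.com.W32.Formbook.AA.tr.17194.exe (975 KB).
REPORT_HASHES: Dict[str, str] = {
    "md5": "5c5f6418364d135500080bcbaecf1be1",
    "sha1": "718544eece57175e5d34e8f2c02264ffd08cc98a",
    "sha256": "44db6b3b48500386767c3b65e1ccc784a41108486ff999a8d3be6e97b828ab87",
    "sha512": ("3484ab14148aa6b370dc1f789e6e5b0fcb54ef7bda2f0d73bb701c7acc03fc61"
               "afb106b15d57f8332a4359331abf080e0cdf42ee0dfb52e0f72b36203c3bd90f"),
}


def digest_all(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Stream the data once through MD5, SHA-1, SHA-256 and SHA-512.

    Every hasher receives every chunk, so a large sample is read from disk
    once rather than once per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(expected: Dict[str, str], actual: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match, case-insensitive (reports mix upper/lower hex).

    An algorithm listed in `expected` but missing from `actual` counts as a miss.
    """
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def verify_bytes(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Convenience wrapper for in-memory data (e.g. a sample pulled from a zip)."""
    return compare(expected, digest_all([data]))


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES,
                chunk_size: int = 1 << 20) -> Dict[str, bool]:
    """Hash the file at `path` (hypothetical location of the sample) in 1 MiB chunks."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return compare(expected, digest_all(chunks()))


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/suspected_sample.exe
    result = verify_file(sys.argv[1])
    for algo, ok in result.items():
        print(f"{algo:>6}: {'MATCH' if ok else 'MISMATCH'}")
    # A partial match (say, MD5 only) points at a transcription error or a
    # deliberate collision and should be investigated, not accepted.
    sys.exit(0 if all(result.values()) else 1)
```

Exit status is non-zero unless all four digests agree, so the script can gate an automated pipeline step; a mixed result is the interesting case and is left visible rather than collapsed into a single boolean.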
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.Formbook.AA.tr.17194.exe
Resource: win7-20220812-en (the Windows 7 analysis VM image used for the behavioral task)
Malware Config

Extracted family: formbook
Campaign: od65
Configuration entries as emitted by the extractor (base64 of FormBook's encrypted decoy/C2 list; these are not plaintext hostnames and cannot be used as IOCs without decrypting them with the sample's key):
vWv++sZuMcvF33G4l6XP9EZPtA==
t5BN04mkc6x7eQtgS2Cny1c74wh2JQ==
ZTwBHxvcOi/zDyg=
HwPQCRbYNSbYx9YwkxE7M8jD
zrZ7kYRUKtRvsNwuQoroFy2XBerx1ZfW
x5kgkNmETMWdsMcOWt8=
U0nl/edTCD8CML781w==
eC3RNeH20QR4+QB6
p41iGJpixNsjiSetfNP4Xw==
EgiwGUUP9OJdsjqZh4WLohiTERg=
vKx/M5lOHMDiAarHuukJ
im4Rsi5OGk2Qv9cjI2fC+gReNuXeksU=
dynF4YrQWXXHLMxHG1yVAZNvIO/x1ZfW
5pYrnPK8nt07O4mUm9c=
+tdo4GF+OlqJwtwXcP9Da1H1sBA=
zaoxtveyMFwVVFy/GaHFTfl3EbqsGInQ
Dth/Hns1tuE1cJwjk1SkP0w74wh2JQ==
9LJY/i/hzC/zDyg=
/eZh3RKaXKLXGG1kvkZs5m4=
o31J4w2cWOhJP4mUm9c=
U03tDQL6yAVoe/c5Rx1POWA=
dUTQuWEa4P94+QB6
NwzdkgPSrdaR9l+k8DYc
650uEwAV7JKtHo7Zr8MW
tGYlVTHs2n4HLImUm9c=
/sJPb6PBjiwxZKzwyQ==
LgyepaBAkn4dCBZ4keRId1H1sBA=
sJuCH2DRjncruV9g8KTI9EZPtA==
mI5KvPGpvxCPqLz+WN8=
mkLJy20V436NskZZv5s7M8jD
tZYKtEALx8Stmw==
gVv/KEA3XphT
RvmgQarKu2Df7k+S87AW
TBynQbKCW/gjgZDTH7cSX4H10m0en88=
lGA142qAXvLECRhb4S8e
ynwNkT9vQGk9ZKzwyQ==
Xz3yiO+H7CNy2Wu3l6LE9EZPtA==
IeySB46ugefNDjE=
Rg7K+f+6ES4Cd5UPoT5u4GbcPiYl5I3P
OAPqp+UF95kTQSTYX7Pt+YRKrA==
NQjE9OW7iKPjLlphD5ac+24=
8tRxG2MpJdls2Ms23g==
75wzLh8v8hvZJUPEC1xnwV074wh2JQ==
X1LvkUcVx8Stmw==
YBWvx6H7gZBO
aC7U+eKY7/94+QB6
hTO7H1Ag8gYxbfJ5iox8te6Ge1IR
67A94W4ypeTZCBxb4S8e
xaZJN+OdktOR91+k8DYc
sXkAgC33T2i/ZKzwyQ==
L+KcM6fXz3EYweVw
EO3Cza9dvuG2BRhb4S8e
Ac6hVbZuRXYErM5j
UBbXuZ+oeycxZKzwyQ==
jW5OmJU3XphT
XTi/18ByQuV6udvotIOaIz064wh2JQ==
h3VK7FcXd5R9flRkR1Vo0Oz0ZN5XSq0CCA==
FfSTKoENznyOnTa1p6gqR2Y=
s2HsijNYFrV4+QB6
9sxQ3SfVl//VEDU=
2axR/2sNa6i17orAq7XN9EZPtA==
KvPIZrJ0T3y/ZKzwyQ==
OhvOnEVcGE42ZKzwyQ==
tm1B4QmZ7xZ8duVbScA=
ideonaut.org
Targets

Target: SecuriteInfo.com.W32.Formbook.AA.tr.17194.exe
Size: 975KB
MD5: 5c5f6418364d135500080bcbaecf1be1
SHA1: 718544eece57175e5d34e8f2c02264ffd08cc98a
SHA256: 44db6b3b48500386767c3b65e1ccc784a41108486ff999a8d3be6e97b828ab87
SHA512: 3484ab14148aa6b370dc1f789e6e5b0fcb54ef7bda2f0d73bb701c7acc03fc61afb106b15d57f8332a4359331abf080e0cdf42ee0dfb52e0f72b36203c3bd90f
SSDEEP: 12288:Mi8HjEB1mpzdFnoIvtUg2jIEsnciI50wv2ykDooyZGbR48yArhf7fvqd2222222P:MvD+mpzdCIvtUjmnzfXooX48yAlv
Signatures

ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi loader that misuses public cloud services to download other malicious families; here the family extracted from the final stage is FormBook, matching the config above.

ModiLoader Second Stage

Loads dropped DLL

Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register state, including its instruction pointer. Together with a child created suspended and a WriteProcessMemory into it, it is the signature step of process hollowing; on its own it is a weak signal, since debuggers and some legitimate tooling call it too, so treat it as corroborating the loader detections rather than as conclusive.
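To show what separates a hollowing chain from a benign SetThreadContext, the following added example (not part of the report, and not derived from this sample's actual trace) runs a small correlation heuristic over a constructed API trace of the kind a sandbox records. The event shape, with handles already resolved to a `target_pid` and a `child_pid`, and all PIDs and sizes are assumptions; the trace deliberately contains one hollowing chain and one debugger-like chain so the two verdicts can be compared.

```python
from dataclasses import dataclass, field
from typing import Dict, List

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess


@dataclass
class ApiEvent:
    pid: int                  # process making the call
    api: str                  # Win32/Nt API name as a sandbox would log it
    args: Dict[str, object]   # selected arguments; handles assumed pre-resolved to PIDs


@dataclass
class Candidate:
    source_pid: int
    target_pid: int
    steps: List[str] = field(default_factory=list)


# Cross-process calls worth tracking once a suspended child exists.
_REMOTE_CALLS = {
    "NtUnmapViewOfSection": "unmap original image",
    "VirtualAllocEx": "allocate in target",
    "WriteProcessMemory": "write payload into target",
    "SetThreadContext": "redirect primary thread (SetThreadContext)",
}


def _judge(c: Candidate) -> dict:
    """Turn the observed step list into a verdict with an explicit confidence note."""
    wrote = "write payload into target" in c.steps
    ctx = "redirect primary thread (SetThreadContext)" in c.steps
    if wrote and ctx:
        verdict = "process hollowing: memory written then entry point redirected"
    elif ctx:
        verdict = "SetThreadContext without prior write: weak signal (debuggers do this)"
    else:
        verdict = "suspended child only: benign pattern (installers, job objects)"
    return {"source_pid": c.source_pid, "target_pid": c.target_pid,
            "steps": list(c.steps), "verdict": verdict}


def find_hollowing_chains(events: List[ApiEvent]) -> List[dict]:
    """Correlate events into per-child chains keyed on the suspended-create.

    Only calls made by the same process that created the child are attributed
    to its chain; a third process touching the child is ignored here.
    """
    candidates: Dict[int, Candidate] = {}   # keyed by target (child) pid
    findings: List[dict] = []
    for ev in events:
        if ev.api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW"):
            if int(ev.args.get("creation_flags", 0)) & CREATE_SUSPENDED:
                child = int(ev.args["child_pid"])
                candidates[child] = Candidate(ev.pid, child, ["create child suspended"])
            continue
        target = ev.args.get("target_pid")
        if target not in candidates:
            continue
        cand = candidates[target]
        if cand.source_pid != ev.pid:
            continue
        if ev.api in _REMOTE_CALLS:
            cand.steps.append(_REMOTE_CALLS[ev.api])
        elif ev.api in ("ResumeThread", "NtResumeThread"):
            cand.steps.append("resume thread")
            findings.append(_judge(candidates.pop(target)))
    # Chains never resumed are still reported: the sandbox may have timed out first.
    findings.extend(_judge(c) for c in candidates.values())
    return findings


# Constructed trace (not this sample's): one hollowing chain, one debugger-like chain.
CONSTRUCTED_TRACE = [
    ApiEvent(4100, "CreateProcessW", {"creation_flags": 0x4, "child_pid": 4212}),
    ApiEvent(4100, "NtUnmapViewOfSection", {"target_pid": 4212}),
    ApiEvent(4100, "VirtualAllocEx", {"target_pid": 4212, "protect": 0x40}),
    ApiEvent(4100, "WriteProcessMemory", {"target_pid": 4212, "size": 0x6a000}),
    ApiEvent(4100, "SetThreadContext", {"target_pid": 4212}),
    ApiEvent(4100, "ResumeThread", {"target_pid": 4212}),
    ApiEvent(5000, "CreateProcessW", {"creation_flags": 0x4, "child_pid": 5010}),
    ApiEvent(5000, "SetThreadContext", {"target_pid": 5010}),
    ApiEvent(5000, "ResumeThread", {"target_pid": 5010}),
    ApiEvent(6000, "WriteProcessMemory", {"target_pid": 4212}),  # unrelated; chain already closed
]

if __name__ == "__main__":
    for f in find_hollowing_chains(CONSTRUCTED_TRACE):
        print(f"{f['source_pid']} -> {f['target_pid']}: {f['verdict']}")
        print("   " + " > ".join(f["steps"]))
```

The point of keying on the suspended child rather than on SetThreadContext alone is exactly the caveat above: the second chain in the trace calls SetThreadContext and still comes out as a weak signal, because nothing was written into the child first.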