General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.8662.exe
-
Size
781KB
-
Sample
220919-eb7pdsahap
-
MD5
9c03705ac3dc12d9418efb5215e6f154
-
SHA1
1dc030e7d3527704d4f6022d4b0bd0eeaf8356fe
-
SHA256
fc359222307f4fb7aa112c091da0ed90481dea090ae53c9578cada9689da5319
-
SHA512
2d7523c5c348e964f2cc34715b4bdafca414457d9ac4ef92adb551c2d27898bb1e1e4852d8737f2e00fb803b3a4bd2f9c21efc9c7d2b1059d4df473ad2ae8d15
-
SSDEEP
6144:2WuxH77v70/IO8OcLulLzRyHCYlFf1BAf2UUsLDVtjLN1aacFPVfdCiUZNrqW1sl:2WSHzOgLulLNyiWp1O8CT2lfsiKF
Malware Config
Extracted
formbook
6hsc
6cvqXARAGlgdnnbXYQ==
Mi4yZ8FULou6w26U2FDnEbA=
Xmx0bJmRZGL+O0RFfLFNN9AMdwn+
B0WNhyl4T2gWBIqE1VDnEbA=
DI2G9/sG/v6YIh42aQ==
0NTaAl90ZWYiGV/bT4U=
DWCuXrL23Cc3xdIG/0dT
fTbzys/dddqOVQ==
8ClrDFi3i+asgxBOnguhlQ==
YjOkWLSpXeqrXw==
gAIov8vbtv8vr8/tFSXvDULL7thokKA=
xMW2qsXay7xNkonR/zxPo939
xc38fRlgO2opnnbXYQ==
+o31vQlURJKmLUWfHlMq0Gjs
z6GwWxCSKJLJ
2pnQ5evpehAxUt4hd6pq9X71
2CmXDSU2DTmDR+Q=
WV9ScxFQID1V2glQnguhlQ==
L8UDlK65h9wJ7Zeb3VDnEbA=
Agb4LF2bRcDX
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.8662.exe
-
Size
781KB
-
MD5
9c03705ac3dc12d9418efb5215e6f154
-
SHA1
1dc030e7d3527704d4f6022d4b0bd0eeaf8356fe
-
SHA256
fc359222307f4fb7aa112c091da0ed90481dea090ae53c9578cada9689da5319
-
SHA512
2d7523c5c348e964f2cc34715b4bdafca414457d9ac4ef92adb551c2d27898bb1e1e4852d8737f2e00fb803b3a4bd2f9c21efc9c7d2b1059d4df473ad2ae8d15
-
SSDEEP
6144:2WuxH77v70/IO8OcLulLzRyHCYlFf1BAf2UUsLDVtjLN1aacFPVfdCiUZNrqW1sl:2WSHzOgLulLNyiWp1O8CT2lfsiKF
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Suspicious use of SetThreadContext
-