General
-
Target
SecuriteInfo.com.MSIL.GenKryptik.FXSF.tr.7185.exe
-
Size
836KB
-
Sample
220919-ngme3saebk
-
MD5
92ea516a4e27329ac0ef278dab2bfa76
-
SHA1
46e5db00e3f9a674208a51590aad707c2ffc03f8
-
SHA256
5dd3a0a56d55816a0ffa7a9f2feb75613a68bd2ba9f145bd69ea616e8b8c9c9e
-
SHA512
4ba4497ae441ff8879a6acaaef259915ead6021a058646c2726e77a87599b78d6dcc73879491f11b99d958388bcfff4b5c9f9eb9423bcda92a5c53df3a9789ba
-
SSDEEP
12288:aBoolbR462TDeI3BqjN23YNzH44kCYtAbmT:ae603g032U4kPtQmT
Malware Config
Extracted
formbook
6hsc
6cvqXARAGlgdnnbXYQ==
Mi4yZ8FULou6w26U2FDnEbA=
Xmx0bJmRZGL+O0RFfLFNN9AMdwn+
B0WNhyl4T2gWBIqE1VDnEbA=
DI2G9/sG/v6YIh42aQ==
0NTaAl90ZWYiGV/bT4U=
DWCuXrL23Cc3xdIG/0dT
fTbzys/dddqOVQ==
8ClrDFi3i+asgxBOnguhlQ==
YjOkWLSpXeqrXw==
gAIov8vbtv8vr8/tFSXvDULL7thokKA=
xMW2qsXay7xNkonR/zxPo939
xc38fRlgO2opnnbXYQ==
+o31vQlURJKmLUWfHlMq0Gjs
z6GwWxCSKJLJ
2pnQ5evpehAxUt4hd6pq9X71
2CmXDSU2DTmDR+Q=
WV9ScxFQID1V2glQnguhlQ==
L8UDlK65h9wJ7Zeb3VDnEbA=
Agb4LF2bRcDX
Targets
-
-
Target
SecuriteInfo.com.MSIL.GenKryptik.FXSF.tr.7185.exe
-
Size
836KB
-
MD5
92ea516a4e27329ac0ef278dab2bfa76
-
SHA1
46e5db00e3f9a674208a51590aad707c2ffc03f8
-
SHA256
5dd3a0a56d55816a0ffa7a9f2feb75613a68bd2ba9f145bd69ea616e8b8c9c9e
-
SHA512
4ba4497ae441ff8879a6acaaef259915ead6021a058646c2726e77a87599b78d6dcc73879491f11b99d958388bcfff4b5c9f9eb9423bcda92a5c53df3a9789ba
-
SSDEEP
12288:aBoolbR462TDeI3BqjN23YNzH44kCYtAbmT:ae603g032U4kPtQmT
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Suspicious use of SetThreadContext
-