General
-
Target
DOC20220919-5678909876556089.exe
-
Size
787KB
-
Sample
220924-18g1wsdedk
-
MD5
6b40f897cb3162a30b4f4f63af64963a
-
SHA1
a004c760f745b1cc6d14aee87b6164cb3c4fc36c
-
SHA256
603b9ff5f2450d74e36a1102c2376268b08224658f5b1dfa26d3e53636a76660
-
SHA512
743b3dc822d26427b82d5a37c9b10a039abb04f5704f4cfd6a1ee654a384a0748e31c1853edd15a487c53f5ee9e2716078120054f05a8aac1921f9f07d4432dc
-
SSDEEP
12288:/bsNQBpuOR/+Mfm8pX8eNv1dsgGCWjwP/zXWpuKHaefN4tKe:aisMfNFx3sQnLWpie4
Malware Config
Extracted
formbook
c1no
NOAZ1GtFnUx1bqjUWmD6
sUBk3CYAoWuQfq3UWmD6
5vwrVl0msDtpEkYt
VtL6sSoIchhMStcj5DxYbm3FBw==
BKjy1ZxyhhuJ2guPWUI=
eAgklPLAE7zgqOmwRqPNOQLXz1Y=
aApC9n9Zp0ZhObwjLLLUAg1cjsx6Lg==
OrLZYLeFBavC1cD5+A==
jJm87eu4hy/QMbYE/wzDRQLXz1Y=
s63OS5RsBKrY3FurpDZXbm3FBw==
hyxwKsePxJNCwwejbEg=
l5667e2vQOkM4hFPE5yA0Q==
wTtVQBT04YkyoNKoN53GFV9m2hpS
+pzWhBnS26FJqiRyZXQrqR1Ow/1B
d/VHx031x5W2
GjhhiKSDZ/1txQejbEg=
nDhRjp5e9JeQiKzm+gqI41hdV5nFhsI=
ws4wtUMZYA1pEkYt
GazXV6Fr6akfcvxEOcbpTTCmMEq7Jg==
2vAOHufF5MT6VdU=
Targets
-
-
Target
DOC20220919-5678909876556089.exe
-
Size
787KB
-
MD5
6b40f897cb3162a30b4f4f63af64963a
-
SHA1
a004c760f745b1cc6d14aee87b6164cb3c4fc36c
-
SHA256
603b9ff5f2450d74e36a1102c2376268b08224658f5b1dfa26d3e53636a76660
-
SHA512
743b3dc822d26427b82d5a37c9b10a039abb04f5704f4cfd6a1ee654a384a0748e31c1853edd15a487c53f5ee9e2716078120054f05a8aac1921f9f07d4432dc
-
SSDEEP
12288:/bsNQBpuOR/+Mfm8pX8eNv1dsgGCWjwP/zXWpuKHaefN4tKe:aisMfNFx3sQnLWpie4
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-