General
-
Target
Orden+de+compra+PO+N°+OC+1062022+20220923.PDF.z
-
Size
719KB
-
Sample
220925-bfzmsseaar
-
MD5
c8492861623e309a50bc3deec245a6a9
-
SHA1
7b3f507af2febc453257313b19000e06d70f0241
-
SHA256
26ed0464f0a2b40ab205b842f371ada38644a44268cffaff1ed15e2bc377898c
-
SHA512
f50bd7a3a7ec1add6ebe293ca05d95ee60216e85a8658c13834b71784411a0eccdb5a2abbfeb10c78c53688aaeacb7a2ef02275fa8be85746ac43ae07937ea48
-
SSDEEP
12288:SSPE3RYAahu7IZ94+S/qWfCtv1A+/E75S0iDLbOttxll1OVIX:M3BahucPDSeC75ADfOb3lIVIX
Malware Config
Extracted
formbook
4.1
jr22
941zhe.com
lunarportal.space
xn--osmaniyeiek-t9ab.online
trejoscar.com
nrnursery.com
quizcannot.cfd
seedstockersthailand.com
watsonwindow.com
wjfholdings.com
weziclondon.com
naruot.xyz
yeji.plus
classicmenstore.com
oharatravel.com
therapyplankits.com
keviegreshonpt.com
qdlyner.com
seithupaarungal.com
casinorates.online
8ug4as.icu
Targets
-
-
Target
Solicitud de confirmación de pedido del cliente PO N° 1062022 20220923.exe
-
Size
993KB
-
MD5
7b2e8a8d759b0a7aa916000f2c0baed4
-
SHA1
8facc8dcd3d5099f3b59e92c15f89631f591a783
-
SHA256
def1e379f4f24a71f326af79054273cdc59833058d729e946ed8f0ed4ee0b882
-
SHA512
35b5b28ec75d04be9512544f7cacb86a568e2ea0b37206bf0885385fb1dce87cbf614ed9cb61ac9b2d6adfa99f7b4d7a103d812f3a3b40379e824df68d685b36
-
SSDEEP
24576:q9sIhLuyyqx1zwBsltHTxIEpd+U+ilwAhy:qpLuyyu1MBmFIEpd+Uflphy
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-