General
-
Target
8164356166.zip
-
Size
726KB
-
Sample
221010-re76jscccr
-
MD5
691bc4e9a4cc57923afd192d967c0564
-
SHA1
ab6f8a6485e890d70121b2fbd0e220c316deb14e
-
SHA256
0eaf8fb227e3199f24985dca89e3c7a8e0138251456c94b12209120db4647be1
-
SHA512
459f5c066ab527b8390375608e8e116ce18e5c6bb4d692110a9216a8bc7d8d5a13d11ad20e449c75a547ec498e47afc6bef1fdba4d0df2825ea8addd02437501
-
SSDEEP
12288:mi/tIGlQxK71YVUe2f5+MYfXgwoEO+TM2JtZC0fw5v0/vguGrGuVdKX1gcLVkha9:mi/tzt7Ot2hNwAgtQ0Y5W0Xcwhft/lp0
Malware Config
Extracted
formbook
6hsc
6cvqXARAGlgdnnbXYQ==
Mi4yZ8FULou6w26U2FDnEbA=
Xmx0bJmRZGL+O0RFfLFNN9AMdwn+
B0WNhyl4T2gWBIqE1VDnEbA=
DI2G9/sG/v6YIh42aQ==
0NTaAl90ZWYiGV/bT4U=
DWCuXrL23Cc3xdIG/0dT
fTbzys/dddqOVQ==
8ClrDFi3i+asgxBOnguhlQ==
YjOkWLSpXeqrXw==
gAIov8vbtv8vr8/tFSXvDULL7thokKA=
xMW2qsXay7xNkonR/zxPo939
xc38fRlgO2opnnbXYQ==
+o31vQlURJKmLUWfHlMq0Gjs
z6GwWxCSKJLJ
2pnQ5evpehAxUt4hd6pq9X71
2CmXDSU2DTmDR+Q=
WV9ScxFQID1V2glQnguhlQ==
L8UDlK65h9wJ7Zeb3VDnEbA=
Agb4LF2bRcDX
Targets
-
-
Target
10503ccee19c440f294f4e4833b8df43f2f8f4620f4af3f01dd0a74b11fed33c
-
Size
1.1MB
-
MD5
ab21def9360038cafa353972417b0527
-
SHA1
877b7890ee8aed3e4ba3aefb0723a1ecb41ff27e
-
SHA256
10503ccee19c440f294f4e4833b8df43f2f8f4620f4af3f01dd0a74b11fed33c
-
SHA512
7dbf424263a6d4f93ffc504322ef7e4e650a019ab71181444241b1aff6e73021b02e2956ddd4b27e75aa970f83de689685ac9c6ca96f9f3a7a92388430f0fa29
-
SSDEEP
12288:Usc1hw4e/ehrrzpaEKs0k5yQa2wsUyrjRhxHCQyuVR1hw4e/Ugi:J4LJUEKBDZyRmKG4T
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Suspicious use of SetThreadContext
-