General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.21822.21708.exe
-
Size
1.2MB
-
Sample
221011-gjk7gaghe2
-
MD5
b873e0441c0ed5a134eb54f1fa7615fb
-
SHA1
728296c91b19720e6b1d2a848e4172632ac88b08
-
SHA256
959b7b3c7962cbd8e88c0f342f370258244ab2a396ebd6abf26389020baf9a4c
-
SHA512
903a24c20efeccc738ced4c4099ae4b22a555d2f27c1e196f8141cc6a5087b7f46a091cea040433b48b0217329ebfb6eac1856bb30198a00920fcf1eff6e316d
-
SSDEEP
12288:9KwfSzSu4B1aOYLryG3Azk8pmLSlgZq+iDtBEnTJAAQSQy4AHlyAKp:KGfHZUynuq1DtBYSAtQy4AHlWp
Malware Config
Extracted
formbook
mmtr
A2DZqKcj5ytLVZtHJA==
fMXPWQG+JWa0S6lZOg==
8kymMDxB6ShVJHxu2gshFtXY9Rw=
1TcOF6WxcdzplqFGcUCNkBY=
k3TLhZ+bOG7ahplcPA==
K4kL5Aq5abHNS6lZOg==
mXDSo9XmxlqYN6psOA==
m+RNCVT4shAb
G1kzROn+2jCug7F5psQ=
qNYsJkWzqwkZ
0BcDQuH0xt4oBh4=
pfRW4ZhmRsEiyvP2Mg==
Sqgj4eztyCg0Ezwo39iHXQ==
bIi2etJbcdUB
k2g3gBesND9hUoKOzGaVFKX6IuUaknqH1Q==
8dFDXQPnb4s+sWfhwoqOdgmABBK+YGg=
Pn9PmDzelx84EjfdzY0WkiRPz6i4
SrUfvOfNO3DMdLvB
GFXHQ9NuPdHsxOiU2umGMSiTvQE=
Kv9sdrhSbDfMdLvB
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.21822.21708.exe
-
Size
1.2MB
-
MD5
b873e0441c0ed5a134eb54f1fa7615fb
-
SHA1
728296c91b19720e6b1d2a848e4172632ac88b08
-
SHA256
959b7b3c7962cbd8e88c0f342f370258244ab2a396ebd6abf26389020baf9a4c
-
SHA512
903a24c20efeccc738ced4c4099ae4b22a555d2f27c1e196f8141cc6a5087b7f46a091cea040433b48b0217329ebfb6eac1856bb30198a00920fcf1eff6e316d
-
SSDEEP
12288:9KwfSzSu4B1aOYLryG3Azk8pmLSlgZq+iDtBEnTJAAQSQy4AHlyAKp:KGfHZUynuq1DtBYSAtQy4AHlWp
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-