General
-
Target
5a1323515fd9a66cc8903d84b00877d26be8f69ef23257ff0928265e3ad9616a
-
Size
928KB
-
Sample
221012-sxmg8shdhn
-
MD5
475f05d317dabe9d15d0b005a80c6c08
-
SHA1
131887a140160fa8db11837865cb538a0fc28b49
-
SHA256
5a1323515fd9a66cc8903d84b00877d26be8f69ef23257ff0928265e3ad9616a
-
SHA512
1047b577e467462b2a5a8dff46d3de1e4ea77d260cb570e927a5aa640c25513d0052085382c3109c0b745a92270c426a5728584ab460d37ad963919543fee12f
-
SSDEEP
12288:n06KVDwfPYAyX+i3neOravcmgg65BtaHeCrbDFsBXiYuI/EBZG3m/P:TUcJkXraAV5SHfrY/EBym/
Malware Config
Extracted
formbook
4.1
lsg6
krishisudi.com
titantechsol.com
yourdeliveryteam.com
lovedecorstore.com
brtetsan.net
captainas007.com
porschegasolinesettlemetusa.com
oilspotgone.com
fclcollegelaw.xyz
cottastt.pro
xn--vb0b54ro0ioxlcrc6p.com
daidogei-point.com
theavalonsaysmoo.com
adhasahar.cloud
lovetivation.com
hipsandcures.com
writingaboutrealestate.com
atharvatrips.com
stair-lift-48402.com
thetrusttimes.com
Targets
-
-
Target
5a1323515fd9a66cc8903d84b00877d26be8f69ef23257ff0928265e3ad9616a
-
Size
928KB
-
MD5
475f05d317dabe9d15d0b005a80c6c08
-
SHA1
131887a140160fa8db11837865cb538a0fc28b49
-
SHA256
5a1323515fd9a66cc8903d84b00877d26be8f69ef23257ff0928265e3ad9616a
-
SHA512
1047b577e467462b2a5a8dff46d3de1e4ea77d260cb570e927a5aa640c25513d0052085382c3109c0b745a92270c426a5728584ab460d37ad963919543fee12f
-
SSDEEP
12288:n06KVDwfPYAyX+i3neOravcmgg65BtaHeCrbDFsBXiYuI/EBZG3m/P:TUcJkXraAV5SHfrY/EBym/
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-