General
-
Target
9586cb34f6fa42b5b89f4457f775731256f1b53ac22aaa3a35aa4ad305f632a7
-
Size
783KB
-
Sample
221012-t3ym5abgam
-
MD5
8f837ad0951a94117ac86dd6385ca5c4
-
SHA1
ab800928817a085631f1cf151b397a6d641435d6
-
SHA256
9586cb34f6fa42b5b89f4457f775731256f1b53ac22aaa3a35aa4ad305f632a7
-
SHA512
6fdbe3e2635740284d51329f4f927175ea40ce099115722649e92d6975a3a2798253b5194be66818e344a4eb8038f1fda2083c279669ecfb496162d00af19565
-
SSDEEP
24576:rqUT/0shbH1vT/0shb+b+3KwmsrN371ScRP3:WC5HA+3KnsrTSW
Malware Config
Extracted
formbook
ggn5
8R7ZW95w3clOnC4AlPAzoWwuEw==
swlTdCDQPk+hl+wImA==
2/aUvRavGyb19plNVx+5GQ==
Rd4wTL9s4PuqxplUDqk=
pRI5M5Eji6imnE+MVx+5GQ==
E96vE28Fe4YFQM5dW/26
dSy41Te8Jmyll+wImA==
oLmXQRUUjjzQOG0=
webWuSi8EgzM3Fb8
lL2TAVbEryQXiwt6D6E=
XfJyvVghk4bYF4fPkQ==
X073jGRoXuJ2Q2U=
+vqb0CjaTCuk5CUO+e6hkqs=
ROZ1nvuX+Qua5nVA/KO+7e0u
MVEJeT01Tr+GHiL0
hjajov6a+xjM8PhCAaVuhmvkRgA=
T8Dz6u0O8FnT6jh0NVUAnAE0FQ==
lg5QYcRIQKJG3hhzFva5p7U=
+iHteGqfhkPpXg==
21Y1pB+1F7h3wYTNkA==
Targets
-
-
Target
9586cb34f6fa42b5b89f4457f775731256f1b53ac22aaa3a35aa4ad305f632a7
-
Size
783KB
-
MD5
8f837ad0951a94117ac86dd6385ca5c4
-
SHA1
ab800928817a085631f1cf151b397a6d641435d6
-
SHA256
9586cb34f6fa42b5b89f4457f775731256f1b53ac22aaa3a35aa4ad305f632a7
-
SHA512
6fdbe3e2635740284d51329f4f927175ea40ce099115722649e92d6975a3a2798253b5194be66818e344a4eb8038f1fda2083c279669ecfb496162d00af19565
-
SSDEEP
24576:rqUT/0shbH1vT/0shb+b+3KwmsrN371ScRP3:WC5HA+3KnsrTSW
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-