General
-
Target
New Inquiry.gz
-
Size
204KB
-
Sample
221017-pkwctsbge5
-
MD5
5141a713766e6038c2115eaa9feb7f78
-
SHA1
5f423d3813890f30a1ec915e6a091efd8ffb4bbb
-
SHA256
43963f663331f1fa8342f4e3b7b2112e705ab5094b63bf51a639223321dcc901
-
SHA512
db9d56a28e8f7f7096fd65f9d9d5f020d59b1c462eb0ff1e7e701204535da83e85ffa7b2a0359976d879b8cf2d3f02731288df8c2a5daf1adba2c8b391fc4f7e
-
SSDEEP
6144:/iw770eKlIyKefdOd9P7w7wcSWk5BHX5m5Xd8:D77PKlKjdMwcSDB35m9K
Malware Config
Extracted
formbook
4.1
d06c
douglasdetoledopiza.com
yxcc.online
primo.llc
mediamomos.com
cosmetiq-pro.com
22labs.tech
turbowashing.com
lindaivell.site
princess-bed.club
groundget.cfd
agretaminiousa.com
lomoni.com
nessesse.us
lexgo.cloud
halilsener.xyz
kirokubo.cloud
corotip.sbs
meghq.net
5y6s.world
weasib.online
Targets
-
-
Target
New Inquiry/New inquiry.exe
-
Size
236KB
-
MD5
dd1a098f5e803e0d80f1d7a7333ca8a5
-
SHA1
224bf29996d204c81e825c28b2955a6f2f01973f
-
SHA256
48c09aadd19df65dcb19eed8da77377e60aa7e6e5cba53ba0507faa9c550c193
-
SHA512
d0ef4d2a6dda49b0c513fb76a81f78cba3c67ace14b7254c580b8c41972406bbe3324c0ae7d5bd3e23ee916b8a9080c25b331a80ccf727635da373682627bfc1
-
SSDEEP
6144:i6bAcJ3iiPiaIj0sBo+0iBDQp9tHjaq8fRlilqaerDbI6Iu:JjIj0op0i1iHHTn0nkO
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-