General
-
Target
8214736293.zip
-
Size
957KB
-
Sample
221017-ykwg9schc4
-
MD5
073957ce6da1f34e567883fc48ab2267
-
SHA1
beb5a3df8f92346adcaa086d4ee683cd41e74575
-
SHA256
699fbd0e90c9d904ccde9fa7326ca0139c169b268a4d698dfa9b82e68950f7b2
-
SHA512
0136ab24a64c7facc370c2ff326f0891eef6942b1d3a1c338ec165dac4e31af5d81a3bf47eb30dcd9385c4d285a2483c711cb60d58d79c78f39c6793a7eab920
-
SSDEEP
24576:xSCFvp4DGE+MUyMMnhUv8VbhR1dKOcbOMKAD/zxmXYkN3:xvmDNu3MhUoFKf3kXn3
Malware Config
Extracted
formbook
4.1
je14
innervisionbuildings.com
theenergysocialite.com
565548.com
panghr.com
onlyonesolutions.com
stjohnzone6.com
cnotes.rest
helfeb.online
xixi-s-inc.club
easilyentered.com
theshopx.store
mrclean-ac.com
miamibeachwateradventures.com
jpearce.co.uk
seseragi-bunkou.com
minimaddie.com
commbank-help-849c3.com
segohandelsonderneming.com
namthanhreal.com
fototerapi.online
Targets
-
-
Target
jestyyfre44321.exe
-
Size
1.1MB
-
MD5
c2d4e5290155193ed854fc6d27ec83a4
-
SHA1
de83fd85e5496b9ccc8f56bd162d27381835c1af
-
SHA256
e4c4e4111a17d0130da8cfb7694900d1d7f16bfb74ab45eff550e6319d88a602
-
SHA512
e873f5dc3e318be701bbcdc55f2a61060e72a54c58c17fc2b339b9faf5b9b52f764241d7c6f1c5758884fa76cb1257c605ea2cc1c9d085e99fd51fd457e65e73
-
SSDEEP
24576:UAOcZXcxP6P4C6oV5Ogn+pN6k77rvyOMF5:CH9C6qX+pN6kDbE5
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-