General
-
Target
EKSTRE.exe
-
Size
214KB
-
Sample
221027-nr99wscael
-
MD5
36089a492ec3710e15a4b5a0261d249b
-
SHA1
75e9a0c4ca67ddd2c21353e03a2d80881aca3bc4
-
SHA256
9469fcaa1fdedbca5dea10fbc8908e549bd80111eebeb817b1f74d6355fdff66
-
SHA512
834192c31bdbfa43ac8cc32df9911e6aa3854b1a14615f6176b3fbe89298a10367d128a2fb0edb0e81bdb4fcd47fb57f7c3e2d8ae1502bb5d201787d2f8cf5b0
-
SSDEEP
6144:qweEpm/FpVprq8ELucHE4VS08uIaijEeHd:bQzqikTnbiQ8
Malware Config
Extracted
formbook
4.1
et02
floppa.art
mdesign.solutions
rus8.top
pleasantvilleenclave.com
schweitzervacation.rentals
yaolibeautyme.com
the20-sa.com
hifuel.info
meadowsweetwater.com
squamouscellcarcinoma.site
buildingblmt.com
saberfund.online
letyourstorytalk.com
neinagordon.com
turing.buzz
bouldercityhandyman.net
gethub.online
404wellesleycourt.com
squezpop.com
doublesranch.net
Targets
-
-
Target
EKSTRE.exe
-
Size
214KB
-
MD5
36089a492ec3710e15a4b5a0261d249b
-
SHA1
75e9a0c4ca67ddd2c21353e03a2d80881aca3bc4
-
SHA256
9469fcaa1fdedbca5dea10fbc8908e549bd80111eebeb817b1f74d6355fdff66
-
SHA512
834192c31bdbfa43ac8cc32df9911e6aa3854b1a14615f6176b3fbe89298a10367d128a2fb0edb0e81bdb4fcd47fb57f7c3e2d8ae1502bb5d201787d2f8cf5b0
-
SSDEEP
6144:qweEpm/FpVprq8ELucHE4VS08uIaijEeHd:bQzqikTnbiQ8
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-