General
-
Target
37fc27ae593c57c90608af9929d7ade4fc5924ec4e795c445c4bf8a5a1bf8585
-
Size
213KB
-
Sample
221028-1mmn9ahaep
-
MD5
8394ecb2a0a35cca1f191c1798cab6ce
-
SHA1
0866de03627135b370e33ecf65ad13a9be9a2882
-
SHA256
aa7ab4157c0ea04bfff754a8427eddf57cc270d8cb7b01752cc070c71ac7bdd8
-
SHA512
62fcb2c50dc29867d91e3f0e3c1ebc37654fea61fd17124ed68d04e1e0677c3f766fdee69a1b2016c85556f14b4d7f9a50f12d2e69d987120ced5e24be47f24b
-
SSDEEP
6144:H0175CEz5SCTVAjVHIDiErhpbNCv0rLlcHKrFZ4:U75CITVAjVIlhpcv4/4
Malware Config
Extracted
formbook
f4ca
omFHB5ajfJi1UEIEV9XcoRw=
UBjJkmQPyprdhcFF/bdCWQ==
evGKkBUj1je+otcfpw==
KgvGVeOATSt3nug0BIOm2JvOQycB
Lv6o3K0r9aSjI0lr9fg1txw=
LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg=
99dte0XauJfk6Xv+uQxJFgA1gMktBA==
21FkkGB9gMniDQw2ffu6
r4lKBM/q6TZwVZfS
F+14qHeVWi56KdQ=
BgWXRsVoICMvvQ==
I+EozFl0Uy56KdQ=
xoXCgEllKEbWfjFCCLo=
qo9G1lXvvGt5GkxrLQWw
ORNlYic0PJ2ip4geEFSv
Yj+GFpvFxy0uVYx1fLI/XQ==
XL+veIKPjOTe4fjvFs+n
D2JKVAfuakXCAyoEvw==
voWJU81tH56wvt/vImbCcgVd
dVEcwFrmb8bZ4vXvFs+n
Targets
-
-
Target
37fc27ae593c57c90608af9929d7ade4fc5924ec4e795c445c4bf8a5a1bf8585
-
Size
225KB
-
MD5
3359916b838254bede2336070d99b6e5
-
SHA1
ae40ca0d6b91624cd8d9ef1b30e1ce2338c3309f
-
SHA256
37fc27ae593c57c90608af9929d7ade4fc5924ec4e795c445c4bf8a5a1bf8585
-
SHA512
989e405e72f4be4abcca21e8b8cb84b37165e00a88a13f3186801f0f64be8c6a7e70d069e69dfb58f71622a6b41b5c9a93d20279e4a3c580f3e2f488d59a7406
-
SSDEEP
3072:qUJoFfWzzl+cSM2wPddXssJXKAI95ibwrhlikpXbeK3eMmR6M3vcJLSmKqcHKrF+:qweEp2KjV5IDiErh7bNmv0JLlcHKrF+T
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-