General
-
Target
8283182984.zip
-
Size
202KB
-
Sample
221103-szz64sebhm
-
MD5
e266d28b637cf92e8d582da32e476c51
-
SHA1
6431afdb97ff75b4b3adf8d22bb28e9407ce6ac4
-
SHA256
387ffb226814e27323556e1ba7a7491c40b75e90c22630a03bab23e0692edc38
-
SHA512
c9adce2ec6a21b990d0b52d9aa07314c30b59592039339d21ce5f379fb402ae1bbd62d07431fc435479f5c2c04a4fe48fbfd092539cfe25686eaaac2b37b6fc9
-
SSDEEP
3072:tNWaLQ1GhBkc5VMMFzvdMevxrPIIHenYwERNHkej20URTnQnf7RE8Dd90qrL1+2R:tp01a5zMMFp2IHeYwE0eC0U6S8DLnAG
Malware Config
Extracted
formbook
4.1
je14
innervisionbuildings.com
theenergysocialite.com
565548.com
panghr.com
onlyonesolutions.com
stjohnzone6.com
cnotes.rest
helfeb.online
xixi-s-inc.club
easilyentered.com
theshopx.store
mrclean-ac.com
miamibeachwateradventures.com
jpearce.co.uk
seseragi-bunkou.com
minimaddie.com
commbank-help-849c3.com
segohandelsonderneming.com
namthanhreal.com
fototerapi.online
Targets
-
-
Target
jetsoff6543.exe
-
Size
214KB
-
MD5
3052597dc463bafa0c102a204dbf58fc
-
SHA1
bc083a8e34abfc24ea8b94b1325354ea2f4a08bb
-
SHA256
84a150ec171d193dbd5738ade685f3225716b6945e59625ce458f0a9069860b8
-
SHA512
9925797cf5061017bcfbf37ab968c0ddeda7e7abd6d2db8abb62aeb6ca0a711672b1cfd9c8a3ef7af07cedc9b7a4d8d0071a2371caabaacd9323d270ab6d4246
-
SSDEEP
6144:qweEpoJiPJhQxjr858KG3NLsJrdtvUlAg:boJi0xnYUaJpx5g
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-