General
-
Target
f3ddd84b590f6579c2bb685fa8bb486564c0ba53ff5619565feba5b79aba251a
-
Size
225KB
-
Sample
221104-b4a94sbhbl
-
MD5
a5c131c279492a7c4faf41aeb9d74df3
-
SHA1
b9682208bfd207f5ba509841babfc373abfb32a0
-
SHA256
f3ddd84b590f6579c2bb685fa8bb486564c0ba53ff5619565feba5b79aba251a
-
SHA512
9431ccddf09aac7f7c02acb501533f4892a3c5d65f999bcbdd0afaa02ab57af8542007064c1516ab8538a062288092c0e18686a34300a92dd918120e3fc2bb77
-
SSDEEP
3072:qUJoFfWzzl+cSMJysmAtGiTAumzXrz8FTE/CmDp9h4fP8oojb/fQE1a0oDmeWqH4:qweEp1wiTATO41hos/o0oYCoc7zd4Gi
Malware Config
Extracted
formbook
f4ca
omFHB5ajfJi1UEIEV9XcoRw=
UBjJkmQPyprdhcFF/bdCWQ==
evGKkBUj1je+otcfpw==
KgvGVeOATSt3nug0BIOm2JvOQycB
Lv6o3K0r9aSjI0lr9fg1txw=
LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg=
99dte0XauJfk6Xv+uQxJFgA1gMktBA==
21FkkGB9gMniDQw2ffu6
r4lKBM/q6TZwVZfS
F+14qHeVWi56KdQ=
BgWXRsVoICMvvQ==
I+EozFl0Uy56KdQ=
xoXCgEllKEbWfjFCCLo=
qo9G1lXvvGt5GkxrLQWw
ORNlYic0PJ2ip4geEFSv
Yj+GFpvFxy0uVYx1fLI/XQ==
XL+veIKPjOTe4fjvFs+n
D2JKVAfuakXCAyoEvw==
voWJU81tH56wvt/vImbCcgVd
dVEcwFrmb8bZ4vXvFs+n
Targets
-
-
Target
f3ddd84b590f6579c2bb685fa8bb486564c0ba53ff5619565feba5b79aba251a
-
Size
225KB
-
MD5
a5c131c279492a7c4faf41aeb9d74df3
-
SHA1
b9682208bfd207f5ba509841babfc373abfb32a0
-
SHA256
f3ddd84b590f6579c2bb685fa8bb486564c0ba53ff5619565feba5b79aba251a
-
SHA512
9431ccddf09aac7f7c02acb501533f4892a3c5d65f999bcbdd0afaa02ab57af8542007064c1516ab8538a062288092c0e18686a34300a92dd918120e3fc2bb77
-
SSDEEP
3072:qUJoFfWzzl+cSMJysmAtGiTAumzXrz8FTE/CmDp9h4fP8oojb/fQE1a0oDmeWqH4:qweEp1wiTATO41hos/o0oYCoc7zd4Gi
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-