General
-
Target
707b97fb5258d16558c7586accf54557419645343d004c5563ec7dea786aafad
-
Size
224KB
-
Sample
221122-jbh39ahd3w
-
MD5
079000b21ec27e810888be8968365621
-
SHA1
146b99843a4eaf74d3e7971ecf35e665170d9b83
-
SHA256
707b97fb5258d16558c7586accf54557419645343d004c5563ec7dea786aafad
-
SHA512
7fd4a4a11894a1e42da5ea658c36039eb3dbf6bf49dbe672db816e2eff42e26f12e9265855f789eaf938a1dedb057ae9ebecb6acd9284fbfbb8c331ac5a30823
-
SSDEEP
6144:MEa0Nz0548b5cPJD3ptMTQ1R0MmMuIilDo:XW4Q5cRLjX1R0p7Iuo
Malware Config
Extracted
formbook
f4ca
omFHB5ajfJi1UEIEV9XcoRw=
UBjJkmQPyprdhcFF/bdCWQ==
evGKkBUj1je+otcfpw==
KgvGVeOATSt3nug0BIOm2JvOQycB
Lv6o3K0r9aSjI0lr9fg1txw=
LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg=
99dte0XauJfk6Xv+uQxJFgA1gMktBA==
21FkkGB9gMniDQw2ffu6
r4lKBM/q6TZwVZfS
F+14qHeVWi56KdQ=
BgWXRsVoICMvvQ==
I+EozFl0Uy56KdQ=
xoXCgEllKEbWfjFCCLo=
qo9G1lXvvGt5GkxrLQWw
ORNlYic0PJ2ip4geEFSv
Yj+GFpvFxy0uVYx1fLI/XQ==
XL+veIKPjOTe4fjvFs+n
D2JKVAfuakXCAyoEvw==
voWJU81tH56wvt/vImbCcgVd
dVEcwFrmb8bZ4vXvFs+n
Targets
-
-
Target
707b97fb5258d16558c7586accf54557419645343d004c5563ec7dea786aafad
-
Size
224KB
-
MD5
079000b21ec27e810888be8968365621
-
SHA1
146b99843a4eaf74d3e7971ecf35e665170d9b83
-
SHA256
707b97fb5258d16558c7586accf54557419645343d004c5563ec7dea786aafad
-
SHA512
7fd4a4a11894a1e42da5ea658c36039eb3dbf6bf49dbe672db816e2eff42e26f12e9265855f789eaf938a1dedb057ae9ebecb6acd9284fbfbb8c331ac5a30823
-
SSDEEP
6144:MEa0Nz0548b5cPJD3ptMTQ1R0MmMuIilDo:XW4Q5cRLjX1R0p7Iuo
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-