General
-
Target
4_6048434599929842876.js
-
Size
9KB
-
Sample
221124-byys8aaa97
-
MD5
f0d8c4e88c78cb534e1bf4df33cd0edf
-
SHA1
56e576823ce200a5d079b245cec26c4e1af71b4b
-
SHA256
392d3c413e8ea60cd0c8ec8876f0ff381aac710dce9ccb7f0f3432117582ee89
-
SHA512
25601825fd6b756aa65f84ab3bbf7f9ed3b953ea77d26b36fbeb91979c3d8abd0f655a9ace4f0510073a890c1fada5bd147a71bca6a563aa01c1dd66d1150082
-
SSDEEP
192:gRwZrQjrWzVD3CxZRfVjl/yzrPKs3RuHLKyJW7X1Kz5uMYICz5uaYzZ46Qz5IaYr:vZQjrWo3/ySa42yYFNaxSr+uai01z7U0
Malware Config
Extracted
formbook
a3c0
sQND4WdTOlkFZlIDVHk3N6w=
q+EQwUVJu0rqKMvucOA=
nf4X7hV5HnoX
D2GdxSupGqxnbntNXXJp+w==
KoafL5HWwP+dkIBzBGFB5g==
1xVJ44BmoRm3DNlzGHJX
UYqmwE2sg4Vs5dM=
Jo62P3tOy75tHQ==
/GeWSaKPP50rCg==
PZnUga+I0irSgi0Mieg=
Qq3jB6ADzvuvtjaTC2zo8w==
/EuBFH8FGV4K
X77vcuHgVNFutJyPCWj00bya
8G2Ond0wiP7wr1q4
FHaWv/JCjt7Im5NFHnNf
FG2UQcq8nnlv1c4=
WaW7Fh1B8o01AA==
B0prj62IYqtFLyEECFgQ1JKD
LYeyy+6iB2sV
zxVH23VoYL1fYBiGVL62CvZe0A==
Targets
-
-
Target
4_6048434599929842876.js
-
Size
9KB
-
MD5
f0d8c4e88c78cb534e1bf4df33cd0edf
-
SHA1
56e576823ce200a5d079b245cec26c4e1af71b4b
-
SHA256
392d3c413e8ea60cd0c8ec8876f0ff381aac710dce9ccb7f0f3432117582ee89
-
SHA512
25601825fd6b756aa65f84ab3bbf7f9ed3b953ea77d26b36fbeb91979c3d8abd0f655a9ace4f0510073a890c1fada5bd147a71bca6a563aa01c1dd66d1150082
-
SSDEEP
192:gRwZrQjrWzVD3CxZRfVjl/yzrPKs3RuHLKyJW7X1Kz5uMYICz5uaYzZ46Qz5IaYr:vZQjrWo3/ySa42yYFNaxSr+uai01z7U0
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-