General
-
Target
SecuriteInfo.com.W64.Agent.FIC.gen.Eldorado.29075.6786.exe
-
Size
444KB
-
Sample
221124-rvpzxadh4w
-
MD5
4119ce4cfd3874a04575d0147614ec77
-
SHA1
edb660a647b5e7c736aa0b8151b19ff300d3fdd9
-
SHA256
881cfae1ae88de7cd88f87fa2c2d7aeff02ab8f3d2c7381d000cd9097e71b196
-
SHA512
36524564ea475e0c6b0345a1664997669d19b3907443195a42527721340ee8ab3a4bbd4d7ee9169228bef6f6747f2d2f65aea0305d27dd7bc7dace92a3257dbf
-
SSDEEP
6144:/3I4oKkdQlULYvLLWqY3FAssinEeOgmczeOmM3rdNwgLrlCfnEnsGAc82Hn0QIb:+KkMFLmes2OzvmM3Lwg/4fEnJg2H
Malware Config
Extracted
formbook
t5ez
v+YaDdg/udazyV4Iyw==
MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==
WsTRjsGfK1Wt+wjFRn9mBQ==
TrAv42rPyfBfhpI=
2FrznhJCG6bpCgm9+n/Xq0cr
phy0dqeRgaeZzcuciHGgrkeVQw==
DIYHd2O24QEB
wVbxr0eqbQZMc4xwQF1W3NdmR2Xc
ncsN3VitpSp18jvXswKeJeQKA1DW
n/FT0RVVULr7fMV0Ykb8ztU=
OET6wvfsbaGp6O2/Rn9mBQ==
2Rb8gNoGR5GEwAeUhcs=
wR8Fc7imd8/3cQeUhcs=
rMZ/VOtX0kR/yV4Iyw==
9YIUqO7RR4iL5Cffi994
03AHmeAX+2F85Cnfi994
9QbOseAK0/c4SGJW
S1EDywDiYofETA==
ivZm1wDWR2hgAEFURn9mBQ==
D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc
Targets
-
-
Target
SecuriteInfo.com.W64.Agent.FIC.gen.Eldorado.29075.6786.exe
-
Size
444KB
-
MD5
4119ce4cfd3874a04575d0147614ec77
-
SHA1
edb660a647b5e7c736aa0b8151b19ff300d3fdd9
-
SHA256
881cfae1ae88de7cd88f87fa2c2d7aeff02ab8f3d2c7381d000cd9097e71b196
-
SHA512
36524564ea475e0c6b0345a1664997669d19b3907443195a42527721340ee8ab3a4bbd4d7ee9169228bef6f6747f2d2f65aea0305d27dd7bc7dace92a3257dbf
-
SSDEEP
6144:/3I4oKkdQlULYvLLWqY3FAssinEeOgmczeOmM3rdNwgLrlCfnEnsGAc82Hn0QIb:+KkMFLmes2OzvmM3Lwg/4fEnJg2H
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-