General
-
Target
SecuriteInfo.com.Win64.Evo-gen.18229.2639.exe
-
Size
448KB
-
Sample
221125-d1xeaaha78
-
MD5
32b74bbfe8a1528e2a87dd5482458f98
-
SHA1
2a0d7f5896aeff18e8094474f3e87f7625f4a015
-
SHA256
aa6572e96ced2adf1ad645b40e7c3d6ce3854e3f4b7b2255f5cf269be602c296
-
SHA512
b4729732165491a4f079e340e5b0f4abdbf0a587d6539694496b2f90c061bcc4bcc21697d838869a1d4ea75a32db6ae22314e93abc16bd03f7c7114ec61c3239
-
SSDEEP
6144:Oc6Yv3YuqF4T15ui399J5MfYcuqR+teLTNX7PReyg7WtW2DbO0ZL0hxnMD+V:PwjFQ1E0sJ7LTNrPRe37KZLeMD
Malware Config
Extracted
formbook
t5ez
v+YaDdg/udazyV4Iyw==
MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==
WsTRjsGfK1Wt+wjFRn9mBQ==
TrAv42rPyfBfhpI=
2FrznhJCG6bpCgm9+n/Xq0cr
phy0dqeRgaeZzcuciHGgrkeVQw==
DIYHd2O24QEB
wVbxr0eqbQZMc4xwQF1W3NdmR2Xc
ncsN3VitpSp18jvXswKeJeQKA1DW
n/FT0RVVULr7fMV0Ykb8ztU=
OET6wvfsbaGp6O2/Rn9mBQ==
2Rb8gNoGR5GEwAeUhcs=
wR8Fc7imd8/3cQeUhcs=
rMZ/VOtX0kR/yV4Iyw==
9YIUqO7RR4iL5Cffi994
03AHmeAX+2F85Cnfi994
9QbOseAK0/c4SGJW
S1EDywDiYofETA==
ivZm1wDWR2hgAEFURn9mBQ==
D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc
Targets
-
-
Target
SecuriteInfo.com.Win64.Evo-gen.18229.2639.exe
-
Size
448KB
-
MD5
32b74bbfe8a1528e2a87dd5482458f98
-
SHA1
2a0d7f5896aeff18e8094474f3e87f7625f4a015
-
SHA256
aa6572e96ced2adf1ad645b40e7c3d6ce3854e3f4b7b2255f5cf269be602c296
-
SHA512
b4729732165491a4f079e340e5b0f4abdbf0a587d6539694496b2f90c061bcc4bcc21697d838869a1d4ea75a32db6ae22314e93abc16bd03f7c7114ec61c3239
-
SSDEEP
6144:Oc6Yv3YuqF4T15ui399J5MfYcuqR+teLTNX7PReyg7WtW2DbO0ZL0hxnMD+V:PwjFQ1E0sJ7LTNrPRe37KZLeMD
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-