General
-
Target
8475303000.zip
-
Size
5KB
-
Sample
221128-2t43jsec3s
-
MD5
dd4292b0873728926117683fc8f99520
-
SHA1
ddc874a0b25c49fd59a3d695ea7a203b4581fd94
-
SHA256
c536334b0a8594a939d8c11faefde9233f7838dfb94331d9a6e3c688ea738ae2
-
SHA512
8b2cd5fdeab11d3f011228bbb8ac43f87a89ac4cb17e21dd972f161902c7942e6b4a31546648ea25bfed0b1406c6acd9b1e016f605fb5abbaa49e254326ebae9
-
SSDEEP
96:uB3JI6GXu2Z0hpn+g1128JOgW+WylOi1+NBILY5lBhkZvZAZDMXKB1PschD:c5We00r+0RhLhlOic0LY3BtRtschD
Malware Config
Extracted
formbook
4.1
mi24
iberostargrandelmirador.info
emaginemru.com
clubeurowin.com
calspasjohnston.com
chasforg.me.uk
birslot.online
doyouthrive.com
collagenukr.shop
especiallyszhienough.com
g2-inc.online
bty0to.com
bodao.online
found-alerts.live
hcsilicon.com
19562.site
injurylawyersconsultants.com
annvandersteel.store
agenturplatzhirsch.store
descontosenergy.com
casesyanstarted.com
Targets
-
-
Target
0c3cf51bad9939b49a0a84465261c4bb1b218e9896a63b7d9b4a1fdd3e4e5d9b
-
Size
19KB
-
MD5
48e8120fe2553410035e7686bbadf6be
-
SHA1
ab8ccba71e5c0a8d0f0429da2991f7fb583f9feb
-
SHA256
0c3cf51bad9939b49a0a84465261c4bb1b218e9896a63b7d9b4a1fdd3e4e5d9b
-
SHA512
2420f967cd0cbab93476c898d17e83811e2653edbbdc04db8c7e289f3d5e0d3c409f138c7fdae3a7d354250a2d885ca04d527f77bb22ad3e581668883e7d6825
-
SSDEEP
192:6rtynt64526Ez3VVk80pf8stYcFmVc03KY:6rkt6452Fr2pfptYcFmVc03K
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-