General
-
Target
351cf2dc95adf5b3f54c2927a9346b66114315fbd2bba17db7d8f2cbe9c8a1f3
-
Size
876KB
-
Sample
221128-dnbbaaaf95
-
MD5
8d1002c160dfbf7816024302ca86dd0a
-
SHA1
b1aabf15fb0820665e0c565acd8abe1baa0dffbf
-
SHA256
351cf2dc95adf5b3f54c2927a9346b66114315fbd2bba17db7d8f2cbe9c8a1f3
-
SHA512
c4d1b336b6656f8376c1e11e443e4aa44fe965e3363f0b0b364e47508dac54ebbd1ac3a35694054c38c1617492b9a504a6083e796c575beff6a62f6aa99c78b3
-
SSDEEP
1536:n9npGEch6dtRGWbCtpl5kmrJ//RFxXxBpzB9TBtiBqK8Qf6YXkY0kY0kY92i3e+N:FkY
Malware Config
Extracted
formbook
4.1
j13e
qk003.com
freightfuture.co.uk
108palmerroad.com
thutienho.com
ardeoyourlife.com
bestcarszoo.com
cookingwithadele.com
anysoftware.cfd
digitalbiotech.agency
hospitalityskills.uk
fivestarsholidaylighting.com
cleandeals.net
tinysaints.online
moh-casino-fresh.club
fastlesbiandating.com
galvanizrulo.online
bbet678.com
voiceofdasouth.com
worldpetsexpo.com
parlementfleming.com
Targets
-
-
Target
351cf2dc95adf5b3f54c2927a9346b66114315fbd2bba17db7d8f2cbe9c8a1f3
-
Size
876KB
-
MD5
8d1002c160dfbf7816024302ca86dd0a
-
SHA1
b1aabf15fb0820665e0c565acd8abe1baa0dffbf
-
SHA256
351cf2dc95adf5b3f54c2927a9346b66114315fbd2bba17db7d8f2cbe9c8a1f3
-
SHA512
c4d1b336b6656f8376c1e11e443e4aa44fe965e3363f0b0b364e47508dac54ebbd1ac3a35694054c38c1617492b9a504a6083e796c575beff6a62f6aa99c78b3
-
SSDEEP
1536:n9npGEch6dtRGWbCtpl5kmrJ//RFxXxBpzB9TBtiBqK8Qf6YXkY0kY0kY92i3e+N:FkY
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Formbook payload
-
Blocklisted process makes network request
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-