General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.8767.8779.exe
-
Size
720KB
-
Sample
221128-g928nsge7v
-
MD5
2f1a9826223709d75be19370002f8318
-
SHA1
5d3883d0361f83372f859b319f378cd537ee5ea6
-
SHA256
92d1f9332898d29b815258a651f244ff32296a678b139138df0a80bbb0e553b8
-
SHA512
6f3879194fa4847adc2e908d6ea5f86517dfacdb61bbdca54eeb78b7ba01b02080cba88e9480e3f4905197245e28076dfea84c65386507af1ee58bd07aaeb6ba
-
SSDEEP
12288:gQkKiymD7LxRSnJAyIRASL2jr+8E9sm8LVx4WdoXjenWpJhIn+sCewnJKP2:gQONRSnJAyM5qjlEP85x4moiWpJGn+s+
Malware Config
Extracted
formbook
go5o
fS9ce6bj/U7J6Q==
KPSUZUVU42J3IaXPjqsA
cDR9Sz1n2BN9eTutNa2QNg==
POJskuyBUqUdVp2wiI8=
t9gcQ5yNydIfrO4=
9oakDnoh0VXC
o2Z9n/2iYtDFcJ2wiI8=
GLBJZsgVkt3eXZragNJjYiGQ
axuNlck5BkA8plrI
khk2/+G5g43K
Fauoa7FQG6EN2QyITg==
fgaVrOb4mLl1KGNUX6jkXCU=
HQkML53cm6Ae+zIhRg==
TBodPq4E4AJylpZiNa2QNg==
wHghSq49EVU54E8mChOvRi5W3cn3ItLVVw==
rET2JY8u+TgVpzRtRF54Kw==
b0mCXc5pcXHZ9A==
QfuIoOgHl9IfrO4=
87fV+WQT5IKlSnTqmb6SbSMctA==
E+Yg8EqQKJi9XJKVqrA2i9TO78H53I97
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.8767.8779.exe
-
Size
720KB
-
MD5
2f1a9826223709d75be19370002f8318
-
SHA1
5d3883d0361f83372f859b319f378cd537ee5ea6
-
SHA256
92d1f9332898d29b815258a651f244ff32296a678b139138df0a80bbb0e553b8
-
SHA512
6f3879194fa4847adc2e908d6ea5f86517dfacdb61bbdca54eeb78b7ba01b02080cba88e9480e3f4905197245e28076dfea84c65386507af1ee58bd07aaeb6ba
-
SSDEEP
12288:gQkKiymD7LxRSnJAyIRASL2jr+8E9sm8LVx4WdoXjenWpJhIn+sCewnJKP2:gQONRSnJAyM5qjlEP85x4moiWpJGn+s+
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-