General
-
Target
SecuriteInfo.com.Win32.InjectorX-gen.32696.11916.exe
-
Size
782KB
-
Sample
221128-kjqczaee5t
-
MD5
a5e7d643822b4bec515727dcb5a81654
-
SHA1
378be3dff71b0a5486758091c71149202e19e78b
-
SHA256
dc35d3d87c8f062b000472a46ec166c5bf8f399f95c02717eab4ce542043afd7
-
SHA512
f3f7db1e7d2d05c0ffb96f829b1cc93692dc8130175e67398a9626e475f0a6472641cc57417a7ad39df765bb5b350b408b99bb98fe9621f6c082cd3c091241af
-
SSDEEP
12288:9mHYsrAQMj7JP2cAmYOKe2ncjOQZ0RDFHNFap4nruadYaeLw2Y:s4ZljB2tOUAOQZ0Z1Hap4nya6RxY
Malware Config
Extracted
formbook
nvp4
EiywrQNofDNveWY1IESoBA==
yqEWFGRfErX7ICQCwyQ+YeLXtaA=
Ers0rc50nbjso0jbdZTmBw==
XQxVP45+F5OZn3ZBTC7MLe1OF3G5c5uK9A==
RHh4uwtsttjzlxy+eW3+
W+xQshfnvmF5n5x2d+cEVdBNIkQRHRE=
FwlyiuXNX0+Trw==
euLn91on/7DeDe++zbQ4YeLXtaA=
td4cO8m3HDRWtl8p7Q==
ZrlyAAPqc3GXI5k=
OM0IisKOI78FJC/IuIxxAu5nRg==
d6A0QJ6PV+AOpyK+eW3+
+EgxFWUu3Ulatl8p7Q==
GC/stck1ILXn+cWZx7w8W6rPFmO6c5uK9A==
hhIiK4+CKEOfB4tr
mA1pyQ85ye8N
4xgWYcEpEoidv8eXKNncAQ==
L+hOVbe+IWyc8oVUclc=
J7EGaJ+L+wKLXUYg7w==
L5R/nfdgQdMHD+TUKw1Zo3Hb
Targets
-
-
Target
SecuriteInfo.com.Win32.InjectorX-gen.32696.11916.exe
-
Size
782KB
-
MD5
a5e7d643822b4bec515727dcb5a81654
-
SHA1
378be3dff71b0a5486758091c71149202e19e78b
-
SHA256
dc35d3d87c8f062b000472a46ec166c5bf8f399f95c02717eab4ce542043afd7
-
SHA512
f3f7db1e7d2d05c0ffb96f829b1cc93692dc8130175e67398a9626e475f0a6472641cc57417a7ad39df765bb5b350b408b99bb98fe9621f6c082cd3c091241af
-
SSDEEP
12288:9mHYsrAQMj7JP2cAmYOKe2ncjOQZ0RDFHNFap4nruadYaeLw2Y:s4ZljB2tOUAOQZ0Z1Hap4nya6RxY
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-