General
-
Target
27d5822dd4cdeafc49c43ccbb21ce23d954880fe396902ce9e5b5dac81a6cf84
-
Size
7KB
-
Sample
221128-tj8c8abd51
-
MD5
af5bbd736013f8528a3bd005472d32e4
-
SHA1
0a3445d75d92ee7b1b9e76d22ac72f775f2481f9
-
SHA256
27d5822dd4cdeafc49c43ccbb21ce23d954880fe396902ce9e5b5dac81a6cf84
-
SHA512
ce2e34520912ce40285598776adb55fd34c3882903ce3722728556070036144d492599147b84dac03267501a4d919219260fc16026da0cc6503859234c071320
-
SSDEEP
96:YICxjg4TvWzBuUPhsMYJCMuH7q+rDPfkHHJkZjTA3GnUODL:YfUuUPhhdbqASHa5Av0
Malware Config
Extracted
formbook
4.1
dv22
ivk-muc.com
theplantgranny.net
efefefficient.buzz
car-deals-87506.com
yangcongzhibo.net
empiralventures.com
latexpillo.com
ferramentafivizzanese.shop
kx1553.com
timamollo.africa
paran6787.net
fabicilio.online
kreativnettchen.shop
manakamana.co.uk
andreapeverelli.shop
jianf.site
kmqan.xyz
aoshilang.com
dnsmctmu.com
pumpkinsmp.net
Targets
-
-
Target
27d5822dd4cdeafc49c43ccbb21ce23d954880fe396902ce9e5b5dac81a6cf84
-
Size
7KB
-
MD5
af5bbd736013f8528a3bd005472d32e4
-
SHA1
0a3445d75d92ee7b1b9e76d22ac72f775f2481f9
-
SHA256
27d5822dd4cdeafc49c43ccbb21ce23d954880fe396902ce9e5b5dac81a6cf84
-
SHA512
ce2e34520912ce40285598776adb55fd34c3882903ce3722728556070036144d492599147b84dac03267501a4d919219260fc16026da0cc6503859234c071320
-
SSDEEP
96:YICxjg4TvWzBuUPhsMYJCMuH7q+rDPfkHHJkZjTA3GnUODL:YfUuUPhhdbqASHa5Av0
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-