General
-
Target
PO KIPO000903 KIND122822.exe
-
Size
636KB
-
Sample
221128-z6qdtabd6t
-
MD5
3b61d04e555f74f42e22c71a5885ac71
-
SHA1
9c774e98b87394627d311a552d8bde85d57b327c
-
SHA256
ab2af768a15bf36f36de51389f4ee62cb0816779473a53716cee76734bda7538
-
SHA512
f7363fa7857e791e6fd9320fba7c1d3927fd4c0aa6a7935a88ffabd747323f0e93d12a8f3c4be2625606e86c8f612e4271ef9ee41848d3bf2a8bdc4fed328f70
-
SSDEEP
12288:yucKpbKbf92TXwpL3sMcIobFB5BD8tVvkwkrscPA3QR+:yF4bKOORcIoxBDr1P/
Malware Config
Extracted
formbook
4.1
d94i
drain-pipe-cleaning-74655.com
culligandiiy.com
lknja.shop
salon-atmosfera.ru
steamgeneratorboilers.com
drain-pipe-cleaning-30896.com
dinoton.fun
feed-v.com
aym-brum.co.uk
bxztil.xyz
infinite-transformation.com
caticmicro.com
abrahamgranda.com
cleaninggem.com
hi5279.com
jainsdigitalservices.com
cglsuperset.com
kephatonrx.com
babyhandmold.com
braceelet.com
Targets
-
-
Target
PO KIPO000903 KIND122822.exe
-
Size
636KB
-
MD5
3b61d04e555f74f42e22c71a5885ac71
-
SHA1
9c774e98b87394627d311a552d8bde85d57b327c
-
SHA256
ab2af768a15bf36f36de51389f4ee62cb0816779473a53716cee76734bda7538
-
SHA512
f7363fa7857e791e6fd9320fba7c1d3927fd4c0aa6a7935a88ffabd747323f0e93d12a8f3c4be2625606e86c8f612e4271ef9ee41848d3bf2a8bdc4fed328f70
-
SSDEEP
12288:yucKpbKbf92TXwpL3sMcIobFB5BD8tVvkwkrscPA3QR+:yF4bKOORcIoxBDr1P/
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-