General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
-
Size
791KB
-
Sample
221129-x9hf9shf83
-
MD5
b94ac3cb559832fa92e65b6a127ba7e0
-
SHA1
def0dd941e90de0dc3d077033dbc234e86bcc077
-
SHA256
c1fd700322fe5a908b87744730a34c923c9db9163adc0d018545c4ab285a31b9
-
SHA512
b221425dc8dc5058fed6ef7a7200dde81f89788fc54bc709b261bd7c467737d5528575de33da853828c200bf6c4d83c4a706361d64ffc142ab6b6d3d02034164
-
SSDEEP
12288:vOvEq3qsQx8CuOrz/fsjE+en9+Ijp4mcDTUO95e6ANXJzvFC:zq3qn8CTrz/fswj9+ISmEVC6Ajzv
Malware Config
Extracted
formbook
fqwu
N6XHavFRXQTRmNUkF9dn
EoaWTgFMmLFmUJ7CJNkTiGoj5A==
Dm+WNJDwSQa5cML3Q7EBiGoj5A==
nixR8ZCkOWjqrASBuic=
yvWQNApkdf4QYIih4+xUDY0=
RtmBQtDYDb50g8btXA==
8SU541y9Ec12NYK8PSOfA8OPpaphimY=
/yEvxvlAkquuY3W1QQ==
AlHZgYW4BiI9V+M=
YsHIUsAOO15j+9TnWA==
JJu1S7QIIMij0xUqlUtv
CmWBLrD98YnyUCCFvy0=
uPwhAVEvtu1rTuY=
PI6bR88GVGXmRlpxpKjtBpo=
GnL7qs9HVQAiF6ckF9dn
2zVeBFKZgO1rTuY=
2VI1VpOg7boCAFxvrWN3ys9rovE=
L1lO62zA2o1QEEZRQtgh7g==
brhF5dY1e3zmSyCFvy0=
U6m2TsEidTTdsA5kX8wh7g==
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
-
Size
791KB
-
MD5
b94ac3cb559832fa92e65b6a127ba7e0
-
SHA1
def0dd941e90de0dc3d077033dbc234e86bcc077
-
SHA256
c1fd700322fe5a908b87744730a34c923c9db9163adc0d018545c4ab285a31b9
-
SHA512
b221425dc8dc5058fed6ef7a7200dde81f89788fc54bc709b261bd7c467737d5528575de33da853828c200bf6c4d83c4a706361d64ffc142ab6b6d3d02034164
-
SSDEEP
12288:vOvEq3qsQx8CuOrz/fsjE+en9+Ijp4mcDTUO95e6ANXJzvFC:zq3qn8CTrz/fswj9+ISmEVC6Ajzv
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-