General
-
Target
0870a4727fcd6ce557f017f0fed61f51.exe
-
Size
343KB
-
Sample
221206-hw5mbaha9s
-
MD5
0870a4727fcd6ce557f017f0fed61f51
-
SHA1
6ad1abe4d5d4f44ea753fb10df927adb1f139f2e
-
SHA256
14afee34b6a36a32b34c61556e46fef92e6a2d9066c758308bb9caea4a94ae2a
-
SHA512
7a97ad7ab0f0f23883ca3ee33fdf5ecca2ee3d28df3295ba3b1f1a04b71c62c7dbb7c3bc41d13ac7a84e286b41d130ef4e07a9ad79e7146e9f44baca513a03c5
-
SSDEEP
6144:ZBnbr9ZL8bM0rCfO4AFSnQNYnx3b+/wmsqplIQ037:HfL8bM9fz8SnQyRWwmxsQg
Malware Config
Extracted
formbook
f4ca
omFHB5ajfJi1UEIEV9XcoRw=
UBjJkmQPyprdhcFF/bdCWQ==
evGKkBUj1je+otcfpw==
KgvGVeOATSt3nug0BIOm2JvOQycB
Lv6o3K0r9aSjI0lr9fg1txw=
LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg=
99dte0XauJfk6Xv+uQxJFgA1gMktBA==
21FkkGB9gMniDQw2ffu6
r4lKBM/q6TZwVZfS
F+14qHeVWi56KdQ=
BgWXRsVoICMvvQ==
I+EozFl0Uy56KdQ=
xoXCgEllKEbWfjFCCLo=
qo9G1lXvvGt5GkxrLQWw
ORNlYic0PJ2ip4geEFSv
Yj+GFpvFxy0uVYx1fLI/XQ==
XL+veIKPjOTe4fjvFs+n
D2JKVAfuakXCAyoEvw==
voWJU81tH56wvt/vImbCcgVd
dVEcwFrmb8bZ4vXvFs+n
Targets
-
-
Target
0870a4727fcd6ce557f017f0fed61f51.exe
-
Size
343KB
-
MD5
0870a4727fcd6ce557f017f0fed61f51
-
SHA1
6ad1abe4d5d4f44ea753fb10df927adb1f139f2e
-
SHA256
14afee34b6a36a32b34c61556e46fef92e6a2d9066c758308bb9caea4a94ae2a
-
SHA512
7a97ad7ab0f0f23883ca3ee33fdf5ecca2ee3d28df3295ba3b1f1a04b71c62c7dbb7c3bc41d13ac7a84e286b41d130ef4e07a9ad79e7146e9f44baca513a03c5
-
SSDEEP
6144:ZBnbr9ZL8bM0rCfO4AFSnQNYnx3b+/wmsqplIQ037:HfL8bM9fz8SnQyRWwmxsQg
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-