General
-
Target
25d4c0553804fbcb055f1465780cfd4b920fb2d9e9eaaac87f7c1d0cd8e9f584
-
Size
224KB
-
Sample
221206-jxpg6agh39
-
MD5
f1f6b87aa6a7bb1c6a2beda153fc607b
-
SHA1
2964b06681eefb74a586b17756428d6c0cc08bdd
-
SHA256
25d4c0553804fbcb055f1465780cfd4b920fb2d9e9eaaac87f7c1d0cd8e9f584
-
SHA512
694c35b6c161358628c0f6ec0d3233fd7b2ade2cade6547f9cfd447e46c52dd0226d95f35da0a8c57f58bf5ace49d20c49cac36ad2d327f6c90cff755ea819cb
-
SSDEEP
6144:QBn185+KUnqBjp5S+xXVkWo3zAc/Enof7PdS5EYEdB:gaAyjp5SCVvo3zgof7P8+YEdB
Malware Config
Extracted
formbook
henz
IxWMb+jVsoinShuZJzk=
TPfKgQZ//oGnKr/J
EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M
KebSmiCP9p8yUw==
HAt/ljkEuqMLHOLCi53Pv8MKX9qk
CY4ogZTwJc4vSw==
WWDIx5UYUDyepntE0YIAPca3/rI=
+Pkr01Lfb2rME7bL
S5nyK0p8jS2xdwQ=
W/oqvlO57LfkLcLHnQ==
zrrwtqkTLwxulm4l8FGopw==
AqucYext8bzFbOKthIm8E6gfVkUHxKY=
OfnjeDs78+RTcz4OHRl+
XKf1wwpZR5hLLjHgmUGOpQ==
JMyhSLoJPTCwn5o9zX2d8i1+
Wk54MBsDhWSVbnIRkQ==
7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==
hH/EYxN+jC2xdwQ=
S0F4ORqDjS2xdwQ=
0o/UwXnuJ+sJp0cOHRl+
Targets
-
-
Target
25d4c0553804fbcb055f1465780cfd4b920fb2d9e9eaaac87f7c1d0cd8e9f584
-
Size
224KB
-
MD5
f1f6b87aa6a7bb1c6a2beda153fc607b
-
SHA1
2964b06681eefb74a586b17756428d6c0cc08bdd
-
SHA256
25d4c0553804fbcb055f1465780cfd4b920fb2d9e9eaaac87f7c1d0cd8e9f584
-
SHA512
694c35b6c161358628c0f6ec0d3233fd7b2ade2cade6547f9cfd447e46c52dd0226d95f35da0a8c57f58bf5ace49d20c49cac36ad2d327f6c90cff755ea819cb
-
SSDEEP
6144:QBn185+KUnqBjp5S+xXVkWo3zAc/Enof7PdS5EYEdB:gaAyjp5SCVvo3zgof7P8+YEdB
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-