General
-
Target
Consignment Notification- 705643291.exe
-
Size
226KB
-
Sample
221206-krldzsbe97
-
MD5
a60cbdaf4f35894d7970f9bcf606acfa
-
SHA1
fe4a22af06fb8d122065dfb0683a7dd9c6baae9a
-
SHA256
6a7b8ed7f2cfe7f8a3030df54f1ba443025c54e5a15d416469aac2a696d7bf1d
-
SHA512
7b9822089f6251b116e589140473e8f671568bd45b954c505ab77163210594fd4a4b0905d9dce3b601d50ee217e8f4c06f9fc05cae84873b2498f8c1d3d7b323
-
SSDEEP
3072:QEhKzShSycSMIZLq4ziw2z2nsfvTdob43u27OP4XrefAKNdOR6XgrhedPZphUYk:QBn1Ig4DvNb43m4qO4Qr85k
Malware Config
Extracted
formbook
yurm
X06d1tis1GUX/R0g87Ud
BKiZ33D1P766GVXO1ZwV
lAFdjB7CSxGX8Trz
Gc7dWizTVxWX8Trz
tDkr9JAfi1OHAW1PGOageIp4
bCpMtHKU3mVp8BY5sQ==
7WKpsMWt8nsrhJClJeOZNg==
0A9KTlETQ86Cmd8k0o5NP5RwCg==
aJ61paNJztSp42c=
CrgoA8ySIOsytCbO1ZwV
i46SnHYDD9tTIHI=
XFRCRCjtFZeU3x4Rn3xfD5BnPz+RDA==
c4CZghuHvzW9A31gEz0d
QAjzz9qyRRWBNYseAI4M
Jpbmu4A1YvBvN3ruZgiRmJA5BCFd
PfoFXGNFhhuX8Trz
bqCfk0m8ApAl+Tm1Ms5Tb23IT7tS
z7INff7HNALxc5HWq2/ftrVR6A7R1zvTUQ==
m7IShV4LSFxbqxhrVsZ1Ig==
BHRp7q0gtoRuqBRnVsZ1Ig==
Targets
-
-
Target
Consignment Notification- 705643291.exe
-
Size
226KB
-
MD5
a60cbdaf4f35894d7970f9bcf606acfa
-
SHA1
fe4a22af06fb8d122065dfb0683a7dd9c6baae9a
-
SHA256
6a7b8ed7f2cfe7f8a3030df54f1ba443025c54e5a15d416469aac2a696d7bf1d
-
SHA512
7b9822089f6251b116e589140473e8f671568bd45b954c505ab77163210594fd4a4b0905d9dce3b601d50ee217e8f4c06f9fc05cae84873b2498f8c1d3d7b323
-
SSDEEP
3072:QEhKzShSycSMIZLq4ziw2z2nsfvTdob43u27OP4XrefAKNdOR6XgrhedPZphUYk:QBn1Ig4DvNb43m4qO4Qr85k
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-