General
-
Target
altek inquiry_06122022.zip
-
Size
218KB
-
Sample
221206-qvapjscc96
-
MD5
2bf3625232c6fea632f5596b7b8c78f9
-
SHA1
e458490bd8ca63dfee245f16062e24b54a9cf74c
-
SHA256
bbfb7385cd800a7b207e56e43ab02d45363efd42467e265a19ae8c52d84ef9f6
-
SHA512
289ce66e6d05332ead79e3fd5df132929dd8e595cc7c47eda6f27428c74c134815cbe136cbbb730f2e37615d86f099f918a6044896419197c199e2ed02fd354f
-
SSDEEP
6144:k5Wh1/iv3Ux2vjeM5E4fR9hKWb8YPo9hU8CkP4Byio:kQh1qv3yfKFPTkPUyio
Malware Config
Extracted
formbook
m5oe
HdR8hG6r12hBYuHY4zv6YeeFPQ==
tD1V9gswYvgQXEGd
1xKtJ1LdqRYMRMC84U1A
MbhjiWb7Lz8z7KIWl3UyUIJwA6Tb
joVB5Xggy2RtE+odsZg=
TrduAIay6Y3SvoIK20xI
pSna7LOsXXwXT/zz3Iow4g==
QnthmO4Qst5gC3sDoA==
eAirzOOgO7SOCenz3Iow4g==
xg0uSbfLTg==
YWQXwyGRzPEHzGrDFE8CBSE=
ujLnfuXoH9dbgHIK20xI
291v0XsGFrYQXEGd
MRvTd/qMuaHpjCM=
X131fLC6VWX4MsvCb2IPjIfq8wlksWfg
Y9Bur8DbgqFt/Yni86MMCCE=
q6RTBmJkmy5pWTmmCCrvmuCDPw==
mQS26DojT+EQXEGd
sjHQ+Kav2Wx9FeodsZg=
JA24UKnTA5re1LhcQaVo/w==
Targets
-
-
Target
altek inquiry_06122022.exe
-
Size
240KB
-
MD5
57e28993ff25e296f1671cf08842bc72
-
SHA1
789a67ffbbfbdbd722371580a26f6bb39f86124f
-
SHA256
ef183500f8b2a320013adb7f7594aaf7562d43cfd17026f8c7a4cd26a243965a
-
SHA512
76820c62bb5f5ce2cbfcf98aaa8b6f2d1c3acb28aeb972b7039ce63e4bb0072867425477bf80ae09c4a11c1c14257d94a40d666aec782f01c4781ec1235d046c
-
SSDEEP
6144:xBnYpliv3Ux2/jeM5C4fR99KWb8YPo9hUCCkPBByiL:UpEv3yxKFPBkP3yiL
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-