General
-
Target
SecuriteInfo.com.Variant.Jaik.107269.5046.9762.exe
-
Size
286KB
-
Sample
221207-bv8t1sfb6y
-
MD5
3e22bc223e94878c8b380d6bfc4bac20
-
SHA1
321b6e9c30f9391c3ca00e0025ee4cf19e17f4bf
-
SHA256
0d09e99b2a15cae89b2b6c61ae744d8437b2289615d909ee58ee52ac865b5872
-
SHA512
cf16b16a6d52de369d2d3ecc14378ac7e6a331ab942f7efb5b6db914ecb70c0849b4b8ee84bdca74792a71e629b8d0dfbfcf2a750c1996e850737aa144d58719
-
SSDEEP
6144:LBnbBIuIily2SrpGAthgLVgaxMACC/u8RJyU39soBvWT05r7n1:FJTly2SsAtmLVgaWlyu8RJN19W0Z
Malware Config
Extracted
formbook
k6n9
NzUYPBPnE+UWNJX0b/5zZQ==
ZcsDmdfNeiREr4loZ9k=
p4Pecr+pmTFp+Az4AGoSpvqp
4jwUP0ApYThdpDmZcNp+xuej
0tmQjRQKSQbR0N86
MgfR+qwWljDdagbsn8Ukr8bc8A==
shQ3YCpOQPp/9g==
Q4mmwEidJLBJug25c6Vxcg==
OM1kEJDdGNpv7nMy
7FmP1iykTQZ7q0Hq5g==
9lVGWV44H63+A5oGc6Vxcg==
Bs97fiCGUye5Osm9xsOYZnb8SEC+YszE
xJMBmQj3MRDV7MBXzEep
mJpebAH7RkkGGbsZwZ/weg==
u6FXU+JCphyVyCsUBP0Spvqp
B/mwulPBDRm5q0Hq5g==
E+JiHcUb7gR+8A==
BgGOL5SLfQ9BzuPDxzeVKEIuOKDL
wZdfmzTbOcnEF3Mi1QnVpPCo
J63Z+Jv5L+JOhd+zc6Vxcg==
Targets
-
-
Target
SecuriteInfo.com.Variant.Jaik.107269.5046.9762.exe
-
Size
286KB
-
MD5
3e22bc223e94878c8b380d6bfc4bac20
-
SHA1
321b6e9c30f9391c3ca00e0025ee4cf19e17f4bf
-
SHA256
0d09e99b2a15cae89b2b6c61ae744d8437b2289615d909ee58ee52ac865b5872
-
SHA512
cf16b16a6d52de369d2d3ecc14378ac7e6a331ab942f7efb5b6db914ecb70c0849b4b8ee84bdca74792a71e629b8d0dfbfcf2a750c1996e850737aa144d58719
-
SSDEEP
6144:LBnbBIuIily2SrpGAthgLVgaxMACC/u8RJyU39soBvWT05r7n1:FJTly2SsAtmLVgaWlyu8RJN19W0Z
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-