General
-
Target
9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f
-
Size
247KB
-
Sample
221208-3cstmaeg6v
-
MD5
f063393c962fb4e0fa870e5559ac2a6d
-
SHA1
8cafbf2c10d5a1e2f51c4bc19db681c0d664d0ac
-
SHA256
c4d532fda3122d9278a0ceacafe86d5d7308f111923e4a099640c8fc60d07598
-
SHA512
3c12a851bf346eb57b40da292418726a9a5cd7bcf6f6987e57cdac280910715fe854ff333c7dac2fbecc1e75f7f44613746020012e312f85e00b1b77c28400bf
-
SSDEEP
6144:HHwl9xBan3dcjAOC4tp8k4Hg2Y5nkjtPPrmK7MP4wz2l7dlP7O/iD8:nwl9xATOCm8kaIsPaKoPtzk7dpu
Malware Config
Extracted
formbook
4.1
8rmt
3472cc.com
takecareyourhair.com
kontolajigasd21.xyz
daihaitrinh.net
syncmostlatestinfo-file.info
lovesolutionsastrologist.info
angelapryan.com
rio727casino.com
jjsgagets.com
devyatkina.online
thegoldenbeautyqatar.com
czytaj-unas24live.monster
timepoachers.com
gayxxxporn.site
72308.xyz
kristanolivo.com
hijrahfwd.com
bmfighters.com
alfamx.website
handfulofbabesbows.com
Targets
-
-
Target
9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f
-
Size
413KB
-
MD5
a2b43ba6d6a6af9f0fa07cab1a1ffd64
-
SHA1
0d63ee2545439dff61486e040fb8d921bee79ae3
-
SHA256
9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f
-
SHA512
2a1105023880ae650ba67f2d657f3c0fe8c1a84c40a5a9ac5303f0c666226c454c40893f79073e816d14d873a3b583803934f9540a9ee7a604318affb1b427bb
-
SSDEEP
6144:LBnmyK4O/ekC2y6gPWJ6OC4tp8k4Hg2Y5nkjtPPraKFMP4wzSl7dlP7O/9Dj:Q7e6gPPOCm8kSIsPWK2Ptzo7dpy
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-