General
-
Target
dc99d626b36e12c70bcb745c3b7894eda7d7d7c788978eb5ba17beca18e995ab
-
Size
939KB
-
Sample
221208-cwz4yagg73
-
MD5
d85362ebed4b1ec73421fcad1b1ad03d
-
SHA1
70ec5402777057c0ac6cab40698380812341e325
-
SHA256
dc99d626b36e12c70bcb745c3b7894eda7d7d7c788978eb5ba17beca18e995ab
-
SHA512
df86d90a862061cf0bea7f8afa75d251be726e6326d778aa52f6e41d322238bf1341d116aa13e878d33603fc2a34d67000b11372c4cc35bd536b3b99e99c4a0c
-
SSDEEP
12288:ccr2iNUY4IWGjCRqCLg883vVB6l+Gjg34eYJPLByqzNMP1gURVrDJnR6haKnlUvV:3r1ONGjU3LgT//m9jgoeiLBI
Malware Config
Extracted
formbook
w086
F6jSz+l9QmYXguG/xUipf/6ixrik
cQZre8twfBVOOJgLenGTGA==
pG5kW2/wqwEOCVxZ
KORXeYwt7wF8J3BR
HL0ZdBMjeHet
TR57b4Yi6wJ8J3BR
fRyK2yaqeDRGHiQTTw==
RwhsqfRxABNZS59wenGTGA==
GuZaY4H4ahcWKjUdVg==
I5C4/Wyz3fglj+o=
Te5QPEu3NjZ0P58LenGTGA==
M9YJLwifZIi9pfnj2Nj/kA6+ZlU=
c/JFdRndG8f/HiQTTw==
nMmcD1UjeHet
QWR7+9Rh8/l8J3BR
9MD+BzOyI6mXtM4w6LMyEA==
WABgaYPqdJzl2TviGbdH
02OexRebqj3+U2kXhQ0=
j17M2R3/fQwFHiQTTw==
dQpReYss5/l8J3BR
Targets
-
-
Target
dc99d626b36e12c70bcb745c3b7894eda7d7d7c788978eb5ba17beca18e995ab
-
Size
939KB
-
MD5
d85362ebed4b1ec73421fcad1b1ad03d
-
SHA1
70ec5402777057c0ac6cab40698380812341e325
-
SHA256
dc99d626b36e12c70bcb745c3b7894eda7d7d7c788978eb5ba17beca18e995ab
-
SHA512
df86d90a862061cf0bea7f8afa75d251be726e6326d778aa52f6e41d322238bf1341d116aa13e878d33603fc2a34d67000b11372c4cc35bd536b3b99e99c4a0c
-
SSDEEP
12288:ccr2iNUY4IWGjCRqCLg883vVB6l+Gjg34eYJPLByqzNMP1gURVrDJnR6haKnlUvV:3r1ONGjU3LgT//m9jgoeiLBI
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-