General
-
Target
0c4ba49409a1657eb9d7fb2aadb86c0653ee9760fca291b58f9e7cc25d69ab34
-
Size
918KB
-
Sample
221209-cl1mqaca95
-
MD5
0a345135b404efdd0884368a3c68bae4
-
SHA1
d74d76b39993a2555a06727f769463bb538b1484
-
SHA256
0c4ba49409a1657eb9d7fb2aadb86c0653ee9760fca291b58f9e7cc25d69ab34
-
SHA512
1fca159141ed11357fe24c506a7066135ad59b4f8c6b5763d0a82ff3138ae84f10aeec494dc203cbe92f4f9f8036eb9c42e8ca5456ebca98f3d4df8e92d59268
-
SSDEEP
12288:0SZMrD2ZT3p6nLmoXKtzZ78+xmH/aJIiV5jlR:XBUnstd78+wHYF
Malware Config
Extracted
formbook
roz2
jTSEx/DqnWrhnUQ0UQ==
+8219xzGmr2teTrY+fSBK+NOiLc=
/6YHkqNBJiBHvzaT9f2W
56INgrlbOqaBFx2UX/U=
g0J6uduFMzkyC89A1m8MyELra5CYkg==
WAvnVEtqSgNq4NWIGAXQDw==
rlIzjaLSfvwnMJi2
hfKU4ncqea/ITgg=
YNFrxuPv2d1k/QOeQJqGeyg=
t0g0iJ7Nd90i20hzLkEVRcDa
1FRIgZcmCDwh9ACnP5qGeyg=
DgycCCcM7dZP0NaJOpqGeyg=
Hv2jETNeVgEnMJi2
iQT+U40uH2BeEMBvoaNh2I7D
B47/RHqHdm7inUQ0UQ==
HNWL4RdJKOonMJi2
E42gATYJ7NxBxcCv01T/Y925Vnt0
P/rfWIvXyITjrXNcBASU
3pfoX4MmDD0TnTKT9f2W
YevnQ1Wrj/z3k04K1GUjjiA=
Targets
-
-
Target
0c4ba49409a1657eb9d7fb2aadb86c0653ee9760fca291b58f9e7cc25d69ab34
-
Size
918KB
-
MD5
0a345135b404efdd0884368a3c68bae4
-
SHA1
d74d76b39993a2555a06727f769463bb538b1484
-
SHA256
0c4ba49409a1657eb9d7fb2aadb86c0653ee9760fca291b58f9e7cc25d69ab34
-
SHA512
1fca159141ed11357fe24c506a7066135ad59b4f8c6b5763d0a82ff3138ae84f10aeec494dc203cbe92f4f9f8036eb9c42e8ca5456ebca98f3d4df8e92d59268
-
SSDEEP
12288:0SZMrD2ZT3p6nLmoXKtzZ78+xmH/aJIiV5jlR:XBUnstd78+wHYF
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Suspicious use of SetThreadContext
-