General
-
Target
1dbdfcc60342051ead1d4a55c4fb8ebcf2da98f3e88150c652edfc92d895595e
-
Size
918KB
-
Sample
221209-cl4z5sca96
-
MD5
6cbe1c022bc0bc1a523b5eb0298206b2
-
SHA1
a7d48490f092b8ee99fe1fc7c08fa509e43ccbd0
-
SHA256
1dbdfcc60342051ead1d4a55c4fb8ebcf2da98f3e88150c652edfc92d895595e
-
SHA512
b7a1df6ff178e4b70a67a3a4021b4259cec466a340992f5d534e73c4a16b764eda12476560ed66c39a1ef1e6fadc1c1859ac4caebbd00591da6b4855fadf2450
-
SSDEEP
12288:MrfO2zl8JmpZb633BvMTSlqAAZAbSyqfRBeQUJ1Cka3uzh7:atzQmpZbsMdAbSjfqZMi
Malware Config
Extracted
formbook
6hsc
6cvqXARAGlgdnnbXYQ==
Mi4yZ8FULou6w26U2FDnEbA=
Xmx0bJmRZGL+O0RFfLFNN9AMdwn+
B0WNhyl4T2gWBIqE1VDnEbA=
DI2G9/sG/v6YIh42aQ==
0NTaAl90ZWYiGV/bT4U=
DWCuXrL23Cc3xdIG/0dT
fTbzys/dddqOVQ==
8ClrDFi3i+asgxBOnguhlQ==
YjOkWLSpXeqrXw==
gAIov8vbtv8vr8/tFSXvDULL7thokKA=
xMW2qsXay7xNkonR/zxPo939
xc38fRlgO2opnnbXYQ==
+o31vQlURJKmLUWfHlMq0Gjs
z6GwWxCSKJLJ
2pnQ5evpehAxUt4hd6pq9X71
2CmXDSU2DTmDR+Q=
WV9ScxFQID1V2glQnguhlQ==
L8UDlK65h9wJ7Zeb3VDnEbA=
Agb4LF2bRcDX
Targets
-
-
Target
1dbdfcc60342051ead1d4a55c4fb8ebcf2da98f3e88150c652edfc92d895595e
-
Size
918KB
-
MD5
6cbe1c022bc0bc1a523b5eb0298206b2
-
SHA1
a7d48490f092b8ee99fe1fc7c08fa509e43ccbd0
-
SHA256
1dbdfcc60342051ead1d4a55c4fb8ebcf2da98f3e88150c652edfc92d895595e
-
SHA512
b7a1df6ff178e4b70a67a3a4021b4259cec466a340992f5d534e73c4a16b764eda12476560ed66c39a1ef1e6fadc1c1859ac4caebbd00591da6b4855fadf2450
-
SSDEEP
12288:MrfO2zl8JmpZb633BvMTSlqAAZAbSyqfRBeQUJ1Cka3uzh7:atzQmpZbsMdAbSjfqZMi
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Suspicious use of SetThreadContext
-