General
-
Target
0a3a7cba003467f2d1976ba842d155dc.exe
-
Size
332KB
-
Sample
221209-yspdxseb55
-
MD5
0a3a7cba003467f2d1976ba842d155dc
-
SHA1
76327dbc584a204335aa840cf2ecf1d956459ed8
-
SHA256
856e9dc2812c572a9023f02503c471addbf8a82be5aed8454cc6254f899caccb
-
SHA512
9fca4b455b0b3e911222a3da1c6c2e15bd4042d6c0a9860fae4e173cec81f8c6a97e05ba4fd7f64f012a8c49d4c440aac7a749ad244f1b8e64c5eb1e1a06a5d6
-
SSDEEP
6144:9kwvbmtv3a9uj5joIvbmcZwd4535p3pkRC9XrtDgwLKTqSVN3DhMggWnC:7qtPaQNjjZc453Lp0KXpfLK+SVN3tHLC
Malware Config
Extracted
formbook
henz
IxWMb+jVsoinShuZJzk=
TPfKgQZ//oGnKr/J
EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M
KebSmiCP9p8yUw==
HAt/ljkEuqMLHOLCi53Pv8MKX9qk
CY4ogZTwJc4vSw==
WWDIx5UYUDyepntE0YIAPca3/rI=
+Pkr01Lfb2rME7bL
S5nyK0p8jS2xdwQ=
W/oqvlO57LfkLcLHnQ==
zrrwtqkTLwxulm4l8FGopw==
AqucYext8bzFbOKthIm8E6gfVkUHxKY=
OfnjeDs78+RTcz4OHRl+
XKf1wwpZR5hLLjHgmUGOpQ==
JMyhSLoJPTCwn5o9zX2d8i1+
Wk54MBsDhWSVbnIRkQ==
7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==
hH/EYxN+jC2xdwQ=
S0F4ORqDjS2xdwQ=
0o/UwXnuJ+sJp0cOHRl+
Targets
-
-
Target
0a3a7cba003467f2d1976ba842d155dc.exe
-
Size
332KB
-
MD5
0a3a7cba003467f2d1976ba842d155dc
-
SHA1
76327dbc584a204335aa840cf2ecf1d956459ed8
-
SHA256
856e9dc2812c572a9023f02503c471addbf8a82be5aed8454cc6254f899caccb
-
SHA512
9fca4b455b0b3e911222a3da1c6c2e15bd4042d6c0a9860fae4e173cec81f8c6a97e05ba4fd7f64f012a8c49d4c440aac7a749ad244f1b8e64c5eb1e1a06a5d6
-
SSDEEP
6144:9kwvbmtv3a9uj5joIvbmcZwd4535p3pkRC9XrtDgwLKTqSVN3DhMggWnC:7qtPaQNjjZc453Lp0KXpfLK+SVN3tHLC
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-