General
-
Target
c797ec1e79935bb4186091dd2497ecb9.exe
-
Size
902KB
-
Sample
221212-sdl3csec9y
-
MD5
c797ec1e79935bb4186091dd2497ecb9
-
SHA1
1183605174d54e31c90641de28693b690c1a7302
-
SHA256
484a773ea467d473190ad7c22e0c28ea84c14198dbfe22599508697c2df5773f
-
SHA512
78bc72ab135a9e1e9adca84ebc893c71782e2f4d072ea9b7252892f9200cf45fc3cbb8a2323179e8ab2963a78d616fc8984b6c2f177aa7f089c2542fe25caa6d
-
SSDEEP
24576:oWXvRemER/Q9GeYovTx4GRO3GxSY67GKTgG:oaGu9GLo7xLw3ASh
Malware Config
Extracted
formbook
4.1
ng04
tevimaq.com
easterspecialtystore.com
smartlever.tech
10312.uk
tanjawiharbi.co.uk
471338.com
horusventure.com
empress-care.com
sinrian.com
465951.com
aemsti.com
nxcourier.com
stargatefarms.com
lalyquainvestment.com
dailysportsadvice.com
justlistmoore.com
stoneonroll.online
tatianakolomiets.com
barcodebbm.com
protectorship.world
Targets
-
-
Target
c797ec1e79935bb4186091dd2497ecb9.exe
-
Size
902KB
-
MD5
c797ec1e79935bb4186091dd2497ecb9
-
SHA1
1183605174d54e31c90641de28693b690c1a7302
-
SHA256
484a773ea467d473190ad7c22e0c28ea84c14198dbfe22599508697c2df5773f
-
SHA512
78bc72ab135a9e1e9adca84ebc893c71782e2f4d072ea9b7252892f9200cf45fc3cbb8a2323179e8ab2963a78d616fc8984b6c2f177aa7f089c2542fe25caa6d
-
SSDEEP
24576:oWXvRemER/Q9GeYovTx4GRO3GxSY67GKTgG:oaGu9GLo7xLw3ASh
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-