General
-
Target
57A049E4822FCF7F1732C25AE3E0096E573066331716D81E4035DA3667D565BB
-
Size
201KB
-
Sample
221213-2rrdnsbe6y
-
MD5
106dff88a38082dcdb77072e8693a245
-
SHA1
cf32626a189d9f439033fd34a281425614cf3df2
-
SHA256
57a049e4822fcf7f1732c25ae3e0096e573066331716d81e4035da3667d565bb
-
SHA512
520305490d5bfeb8670fdd0e6ae519a76f7b4b686480bc3ebbf94cd9097636999a6f2400874e5b3ab05fe31e03d83e593b51a8051d365fbe71f10022c359d527
-
SSDEEP
6144:OXUlW45+MMBe8u3uLQebM414JnnW0rCkL:DldHBM14BMkL
Malware Config
Extracted
formbook
4.1
je14
innervisionbuildings.com
theenergysocialite.com
565548.com
panghr.com
onlyonesolutions.com
stjohnzone6.com
cnotes.rest
helfeb.online
xixi-s-inc.club
easilyentered.com
theshopx.store
mrclean-ac.com
miamibeachwateradventures.com
jpearce.co.uk
seseragi-bunkou.com
minimaddie.com
commbank-help-849c3.com
segohandelsonderneming.com
namthanhreal.com
fototerapi.online
Targets
-
-
Target
jetsoff6543.exe
-
Size
214KB
-
MD5
3052597dc463bafa0c102a204dbf58fc
-
SHA1
bc083a8e34abfc24ea8b94b1325354ea2f4a08bb
-
SHA256
84a150ec171d193dbd5738ade685f3225716b6945e59625ce458f0a9069860b8
-
SHA512
9925797cf5061017bcfbf37ab968c0ddeda7e7abd6d2db8abb62aeb6ca0a711672b1cfd9c8a3ef7af07cedc9b7a4d8d0071a2371caabaacd9323d270ab6d4246
-
SSDEEP
6144:qweEpoJiPJhQxjr858KG3NLsJrdtvUlAg:boJi0xnYUaJpx5g
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-