General
-
Target
Order.iso
-
Size
336KB
-
Sample
221219-kvfynshf5x
-
MD5
9af86248ada506aba1c51c368c75449d
-
SHA1
d665b0eae5d4619b47af70c5275a35cea6d55bac
-
SHA256
deb46fda5265b6468de94e80cbb327ffdf1018878042cac960c0c5ed15a5cb7b
-
SHA512
323499a37e53de6ec1def506cea1c446bbb0fd0d09d859da566057bfe823168f84bfc12a48ea88a26f9b08e26b44b702d12f3930478ee546bf02c2dd6f811183
-
SSDEEP
6144:2kwtd2QvDC3Wol85o0Fv7UbxoNdyY5A0UHpMV1s3CvPqPY551:qAQvGWouCaUbU+pMQSncY5
Malware Config
Extracted
formbook
scse
SKpYFyVNT2zunKf0uuM=
FlEHUseI7I5XbrO8fR/XBcS9ZA==
FPuxoUOxkLiATugw
VKdxsDSk0jdT5Kw=
FpqHf9iI/1tl97E=
YGI6sIl3UIxfZvlD+JiUuuLR
oBAEO0suBEAD5aK00A==
RKJqTzg4gQ/Q6DYSuTjDGkwuyl0ik5Kb8w==
VFg9s3W0/Ype8A3cZb+D7g==
hwD+VNd6014nrsaTWm4FBcS9ZA==
zkAdUq1soKYUfZaTqLmL
XVQ9WbRivUIQ477a/hKv+g==
QireF2geizAwmp674AGc5g==
PSTUQxs6j8OATugw
LHJhyy2VbX8NEqf0uuM=
MiY1vg6T3HqATugw
wqkUjaVXnGgBqA==
jUr/eUtSIT01Wegt
PjQidcqKzAbSZICUZb+D7g==
OkAmcv12sUEAIHwFHakzdIo2FPHw
Targets
-
-
Target
Order.exe
-
Size
275KB
-
MD5
40c08389f9b3ac964f7a1188f51dfb7b
-
SHA1
05b6fb387f69441d4107227d361d3b8ffef821dd
-
SHA256
426072e14b14fa10a6bf93d53c6bc17ab8d6c0871411dfece93bc765fd7d55ef
-
SHA512
e42e4cee19cfd90c0fee5ca6ee9425cc257524a1c4de02f94a2b01bbb99679c8794c981eec61f743afa0e8afe5bb744299033695f71fede7b6e753f97e17cbf6
-
SSDEEP
6144:Lkwtd2QvDC3Wol85o0Fv7UbxoNdyY5A0UHpMV1s3CvPqPY551P:bAQvGWouCaUbU+pMQSncY5b
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-