General
-
Target
70c2bfb3dd7b6467020e6ca5d7f037a3.bin
-
Size
326KB
-
Sample
230127-qt8vysbd25
-
MD5
8e5163d81be2ff4644b6aef2094f0cfe
-
SHA1
08d526da2f7187fd02b33f0d48171c3ebead4221
-
SHA256
3b517c67d25ab6fb2a348e1a256138b26820ac69d5bd71ddaa840a6592657220
-
SHA512
e2bbb0cffdb2eba2b88c5c3cfe8e47304613d229df9c7294a8276dc50540063d019443d0cdcdb2e4535ba2f5bd20e4ef267196252215abc94899faaf852d2479
-
SSDEEP
6144:HmO0R5kQLi/wfou87aQ7eHIIvygnsTqBdSgWrzPVwa0JbvpcRW4hw2Krlu4rE:GO0nkQLi/iou87PyHlyqsT3gWfVwFTx4
Malware Config
Extracted
formbook
4.1
w12e
poshsalon.co.uk
ideeksha.net
eaglebreaks.com
exileine.me.uk
saveittoday.net
ceon.tech
estateagentswebsitedesign.uk
faropublicidade.com
depression-treatment-83678.com
informationdata16376.com
wirecreations.africa
coolsculpting-pros.life
ethoshabitats.com
amtindividual.com
gotoken.online
cherny-100-imec-msu.ru
historicaarcanum.com
gpsarhealthcare.com
kx1257.com
abdullahbinomar.com
Targets
-
-
Target
ab0b1f056d4030a9988c12df83064169e07f5cd2a9e7c51833ff057d2d8eedf3.exe
-
Size
340KB
-
MD5
70c2bfb3dd7b6467020e6ca5d7f037a3
-
SHA1
3fef1cb454c1760936795c94f4504bf0f9ee00ba
-
SHA256
ab0b1f056d4030a9988c12df83064169e07f5cd2a9e7c51833ff057d2d8eedf3
-
SHA512
e43b2c79e0aa5223a633d2018ca04b3371a4242dd1da4c41a2dd2b5e4d815557f0e2704f0ef47f937802abc19495f16260800c3c0ed009e9b8c7a524cc39f538
-
SSDEEP
6144:vYa6TI+l4BN5yJ4PE7baks7hlP/WUC7NRXTLYaJqSSFvVDzqFGcGn13:vYB4BN4+87baF7XGUERjLYaJqXQGcGnN
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-