General
-
Target
APERTURA DEBANCOS.doc (323 KB).exe.xz
-
Size
277KB
-
Sample
230306-twa89adc67
-
MD5
25dd2e5e3997fabd4461c898a613a861
-
SHA1
2defd40acd3bd2bd0a58c742920e7929b1eacc29
-
SHA256
759c173ba1e02ceead75c5a8b9295e4fef4404bf749c38ffcf5a4855863c4fed
-
SHA512
8964e1b301e1ce5740c6d006d8a4d02e518a3845280280856d25f9bbbc7547e329e48ceb1b1e849eeb07d9b7f3abbc53b24129dd874ab9990605a2ec9a9799bb
-
SSDEEP
6144:QNygybzAYBQSBqPNBHmNB5CXaqFM2+Rbsp30aSd1BEQwj:QzczAYBqPNJeBUKqS2Gv1y
Malware Config
Extracted
formbook
4.1
kmge
jia0752d.com
cq0jt.sbs
whimsicalweddingrentals.com
meetsex-here.life
hhe-crv220.com
bedbillionaire.com
soycmo.com
mrawkward.xyz
11ramshornroad.com
motoyonaturals.com
thischicloves.com
gacorbet.pro
ihsanid.com
pancaketurner.com
santanarstore.com
cr3dtv.com
negotools.com
landfillequip.com
sejasuapropriachefe.com
diamant-verkopen.store
Targets
-
-
Target
APERTURA DEBANCOS.doc (323 KB).exe
-
Size
722KB
-
MD5
182bcaad3def25a94746b2d3208ad567
-
SHA1
c1e652d582e1cd146c8faac376e05a8d13f1d878
-
SHA256
54fde966426bdd3b101d43647e23f1ed4a527312982372af0cc6a5768fb386ed
-
SHA512
155f370f0f476d4b94cfd6254077337c46f49c976320a71cb3eaad1a9296cf55aed7620338fe7a547c80175fbb3e75459d8238337db040cc907c4a19b21f3db0
-
SSDEEP
12288:HoDzEcLL4ZjVUi0EosOijSmrXO9Ax3mIEDs0wvw1ajSxFrXhy:HG4s0jVLyijxZx2qI1ISxdXE
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook payload
-
ModiLoader Second Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-