General
-
Target
50fe8f68de11579bdf0d4703cc9e6a1f0f9817a5605b15977c229bf5c522338d.zip
-
Size
273KB
-
Sample
230308-qgjqased66
-
MD5
13a251c8c8916f1ca35394b3f510e381
-
SHA1
c160f3d66e9adc092b2a01060bf65bd5d1d436db
-
SHA256
4a5309177d4f6abcd769add4273ecae79c990e124877765c1c4ab27b7236c8c2
-
SHA512
10942330988a1bb98c9a8a689ca76ea8516e2c97f2046498f5dd186fe209f6ae1e15bc357c99f37b7074f9ae53162c33abb27c7a02df7ba37fffd1b7e66abaa5
-
SSDEEP
6144:TnZKzCayQ4nSb6tZ8ZRWoMGtX+SLm7JchPC8RUAw9Alz8buZo7u:wzCe3b+8Z/f+SWJc1CUUAwSYC4u
Malware Config
Extracted
formbook
4.1
ho62
aqawonky.com
ancachsroadsideassistance.com
artologycreatlive.com
olesinfo.africa
lovebreatheandsleep.com
friendsofdragonsprings.com
homecomingmums.wiki
hg222.bet
precision-spares.co.uk
generalhospitaleu.africa
touchstone4x4.africa
dynamator.com
dental-implants-52531.com
efefear.buzz
bentonapp.net
89luxu.com
bridgesonelm.com
acesaigon.online
instantapprovals.loans
evuniverso.com
Targets
-
-
Target
50fe8f68de11579bdf0d4703cc9e6a1f0f9817a5605b15977c229bf5c522338d.exe
-
Size
349KB
-
MD5
ba645c8235d19c8407c81d62470eedf8
-
SHA1
9b78b515d6869753e2bb3e46d1307deccef79e57
-
SHA256
50fe8f68de11579bdf0d4703cc9e6a1f0f9817a5605b15977c229bf5c522338d
-
SHA512
7efa198fd976f2660fc033f708739c003210ae88e50938abec6ce919e85246ca4a6d4f3db0e105b16094b08a68ad1234b5986cfed43c90b239369a46e95a65de
-
SSDEEP
6144:jYa6a3R6bVzifniXpVKRNQfgwq+DMhfii10dqeH+QE:jY03RYV+Op8Ugwq+HiSg0PE
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-