General
-
Target
nH3409D.tar
-
Size
370KB
-
Sample
230313-rp47mscg7y
-
MD5
5b81d539c1910ab4ccad7e94b94d42db
-
SHA1
cb14591d77d011d814838efd4db6577fba73058f
-
SHA256
28ca6f097c72ee690fc2dd5d3ab9cd4886f9a5155005aa3cd3fa4832a0c81c98
-
SHA512
4628f82672a95b825e7c782bd4a4c4603902c053be3f3f45be803aad7e94a0e6e86f64b9ba6f211ad0d376873de218eaac7a2b29696ef0877feed6139ffda2b8
-
SSDEEP
6144:bTnRa2T6biyMHZbwwSUE8vJP9flygSkYu/b6ru2fUmHb8jHg+VLpK8G:HRaT0HZBznJPdlygSkYNBfv78jFbG
Malware Config
Extracted
formbook
4.1
h3sc
seemessage.com
bitlab.website
cheesestuff.ru
bhartiyafitness.com
bardapps.com
l7a4.com
chiara-samatanga.com
lesrollintioup.com
dropwc.com
mackey242.com
rackksfresheggs.com
thinkvlog.com
aidmedicalassist.com
firehousepickleball.net
sifreyonetici.com
teka-mart.com
ddttzone.xyz
macfeeupdate.com
ivocastillo.com
serjayparks.com
Targets
-
-
Target
H3409D.exe
-
Size
770KB
-
MD5
8173c4f1aab9e70409d795b904d1b30b
-
SHA1
ca3a7fa60e5f910647316450c257a11aab8e7299
-
SHA256
d69785e0fa78ddb451072e232164234057e49a7671695c33c0db64adba871e44
-
SHA512
0815ae280189619c39bbffc0b75a93d499363c1389c2e3c98eadce769f47d775e81be2bf3d293b6c4bb9e51a41d1398f2130c93983152adc19e25918835c6cb9
-
SSDEEP
12288:gKLJyUZiUWf0sSEpcwXybqAsespUI2PRl/NnLLm:fly1UWf0s7qwXwI1pUDZl/NnLL
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook payload
-
ModiLoader Second Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-