General
-
Target
613aac6bca4a1628ad9717e84e44730ec74eec9bb771058eac5c1297a5f1c05b.zip
-
Size
433KB
-
Sample
230321-qn8m1aad93
-
MD5
9a3c6e737d1d9e191eec85da73060146
-
SHA1
68e168e0f668d3a14383522c87316b620516c491
-
SHA256
7f555b306cbd48384f0689725decbf4f9313c7e91e783f6766beeb8c0913b68b
-
SHA512
b4ba7e17e32e0b7c342fcc8a38e01456c8c8af10ee70e8725996460a47aa3927f9cae8b92b7a8726d14ec55d4b00471d95394dbf8a6ff10d2bf714069ceee2ff
-
SSDEEP
12288:4khY2hzyfr7pQum2eNAQe8wAP5SqQce9LFHq1+:4IY4Cp9JewI5IS+
Malware Config
Extracted
formbook
4.1
h3sc
seemessage.com
bitlab.website
cheesestuff.ru
bhartiyafitness.com
bardapps.com
l7a4.com
chiara-samatanga.com
lesrollintioup.com
dropwc.com
mackey242.com
rackksfresheggs.com
thinkvlog.com
aidmedicalassist.com
firehousepickleball.net
sifreyonetici.com
teka-mart.com
ddttzone.xyz
macfeeupdate.com
ivocastillo.com
serjayparks.com
Targets
-
-
Target
PO89854.exe
-
Size
828KB
-
MD5
7c8067dc792a02d4d1211a2486a56334
-
SHA1
d1dd06a7a2c4b707882d1bb9559646aa049d4146
-
SHA256
ac4fce0e72e52a363a1cc5d5c425a2add422321772a84beb1d339b0bef76287a
-
SHA512
a360bb7bed4f1c5463fe357edea9e2ab29fafbff00400e778a7e9dadb311d65f954c02e327dbd664effacb70710b8138e1b29d5689af3160b44d8f72c4c81bd0
-
SSDEEP
12288:mMlTjVH4G4CWP/lAS2WW5dCvWSbmbrvPZb2v+9RWx6OPOKX:m4PV17WP6S2WWGuSirvPZwCPOPOK
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook payload
-
ModiLoader Second Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-