General
-
Target
2ee6aac96667a49df963edc8384038b0859d689ab4377e74ac7f45086010c732.zip
-
Size
694KB
-
Sample
230321-qq281acf5w
-
MD5
8d5e473fce47ae3e7a3cf47623249a58
-
SHA1
43ab959daeca601cb83b5180575a9ac20ee67d8c
-
SHA256
ad613ea8f2d306d287fe42bb1c866457621be85314baa9ceaad0fc4c1a3eb7f7
-
SHA512
e5b5eecedecccf81f3f8f90e3bdce42eaa83dd9877fcc263a4c33bddb92b8c78c60bddf6188b1352afae79dea666843037e89f177f9f731d2245a6ed6cf12671
-
SSDEEP
12288:AOSLUXfNUfjoE+4d67wtTB1HWVH+TiKdMbyjNDU28rY4ousnxqSSQrw:XuUX1UfjcGB1q3KdgyRV8rY4oujN
Malware Config
Extracted
formbook
4.1
jr22
941zhe.com
lunarportal.space
xn--osmaniyeiek-t9ab.online
trejoscar.com
nrnursery.com
quizcannot.cfd
seedstockersthailand.com
watsonwindow.com
wjfholdings.com
weziclondon.com
naruot.xyz
yeji.plus
classicmenstore.com
oharatravel.com
therapyplankits.com
keviegreshonpt.com
qdlyner.com
seithupaarungal.com
casinorates.online
8ug4as.icu
Targets
-
-
Target
2ee6aac96667a49df963edc8384038b0859d689ab4377e74ac7f45086010c732.exe
-
Size
749KB
-
MD5
6561c71692329e5c4b10948e273ac496
-
SHA1
f01d729fbd8934730fd7531fa00649089e531616
-
SHA256
2ee6aac96667a49df963edc8384038b0859d689ab4377e74ac7f45086010c732
-
SHA512
73fe44ecf169bf6b35b7b3732caf201a6d949739cd5b627137f63dfef68e20ee9132def26672ecd9689a636d269a3e14853b6d771312c764ef23b2a05f762fa5
-
SSDEEP
12288:i97mYMUnFW/N5b9hsF+U5u0RX4up4Aev8lZLse1bdHnL+2CzomKsciaicxJnj:i97UrIF+UloE4AevUZhniZzL2iKv
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-