General
-
Target
NR ZAMÓWIENIA PRÓBNEGO 0001-pdf.exe
-
Size
561KB
-
Sample
230329-g8bz4afa83
-
MD5
abb44d8629dbbae4b307b638fa35c921
-
SHA1
91b9b648dfcc9261d3c0135eea5c4a9da4e87985
-
SHA256
55d12f1706d497912ee1c846004edea135577d7e2eb2246e9c439740be365643
-
SHA512
c6226f1c6634e11a48c79668df2229d43476d6dec9351da239bf9da58500751e584dccf3eea2aba77e881b2eb9c8b116843b0cee5a7d2af21db0561c4e1661a2
-
SSDEEP
12288:KTMY1ltUnHhjgUciLJDrLmuychLXK8WEu:KThtejgUci9DvgcM8Wh
Malware Config
Extracted
formbook
4.1
il23
woodlandwoodworking.net
kitchen-deals-69155.com
hiddendia.xyz
xelaxaste.uk
sproutstrive.com
avlulu124.xyz
g-starnetwork.com
a-avdeeva.com
filmart.top
bustime411.com
besyor.xyz
joulex.live
christmastempjobsfinder.life
cxrh-official.com
themuzzy.co.uk
joshisarena.africa
dental4family.com
dietsandsixpacks.co.uk
innovativedigest.com
flyingphoenix.club
Targets
-
-
Target
NR ZAMÓWIENIA PRÓBNEGO 0001-pdf.exe
-
Size
561KB
-
MD5
abb44d8629dbbae4b307b638fa35c921
-
SHA1
91b9b648dfcc9261d3c0135eea5c4a9da4e87985
-
SHA256
55d12f1706d497912ee1c846004edea135577d7e2eb2246e9c439740be365643
-
SHA512
c6226f1c6634e11a48c79668df2229d43476d6dec9351da239bf9da58500751e584dccf3eea2aba77e881b2eb9c8b116843b0cee5a7d2af21db0561c4e1661a2
-
SSDEEP
12288:KTMY1ltUnHhjgUciLJDrLmuychLXK8WEu:KThtejgUci9DvgcM8Wh
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-