General
-
Target
fd30a08d2d9b1859568943452f3525807c4bc549cb99b8720070c0fc03941692
-
Size
779KB
-
Sample
230329-q3mn3sab6w
-
MD5
9e37298ea192d716f15005883f74ed0e
-
SHA1
232acb060e4f236f6b0f2af642bbfef9bd6b97aa
-
SHA256
fd30a08d2d9b1859568943452f3525807c4bc549cb99b8720070c0fc03941692
-
SHA512
17cc3f4989d99730b775c23adcd1d9b68907ce83062309b3c8703d51677b5afb9f24413048c284b75fcc8713c0bef550127482d366f87bef758b2025caf0c447
-
SSDEEP
24576:PMwf+m50w/dByz9h7JiDe1RnfZ5ZM1P3A6YlBE5Gwa:PMwf0w/dsfJiDqJfrW93AXbENa
Malware Config
Extracted
formbook
4.1
ss22
brillspharmapk.com
groupkateyodell.com
brandmentoring.net
cheapcialisbuy.com
feytechhub.africa
7897cp.com
cfg-test.cloud
dbfsolutely.net
die-junge-zahnmedizin.info
161612.com
dax2288.club
bmc52.com
ar0l.com
e3safety.app
financialfitnessamerica.com
agenciamundotech.com
cenbellion.com
furin-duma.com
66mayi.com
kcolez.online
Targets
-
-
Target
fd30a08d2d9b1859568943452f3525807c4bc549cb99b8720070c0fc03941692
-
Size
779KB
-
MD5
9e37298ea192d716f15005883f74ed0e
-
SHA1
232acb060e4f236f6b0f2af642bbfef9bd6b97aa
-
SHA256
fd30a08d2d9b1859568943452f3525807c4bc549cb99b8720070c0fc03941692
-
SHA512
17cc3f4989d99730b775c23adcd1d9b68907ce83062309b3c8703d51677b5afb9f24413048c284b75fcc8713c0bef550127482d366f87bef758b2025caf0c447
-
SSDEEP
24576:PMwf+m50w/dByz9h7JiDe1RnfZ5ZM1P3A6YlBE5Gwa:PMwf0w/dsfJiDqJfrW93AXbENa
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-