General
-
Target
9908676483.zip
-
Size
300KB
-
Sample
230404-wy3gmaba9v
-
MD5
7f5b9f84db928751df7dcae8235a3831
-
SHA1
30577def6993bdbe2de33ee8fc5de1f80a346675
-
SHA256
c0eae5b4a5c7e5bbbe3b60d1d841dde3411f8f6f64a40d8ffa6f276515f1f2d0
-
SHA512
b59cb8a3adf3960e02b95be5a6e2a61959e31788a9f490f78ad1c8b93bd66c2bdae706a6cc3c7f3e3c15e66829309208e32df17aff2f25902b9b79a734ae5f63
-
SSDEEP
6144:yYEy/JZdAhxkbNkPDlzcOtt8UAUpJemCrc3xAVp12653Qy:yQ9AwbNSDDtoUpYmCMecy
Malware Config
Extracted
formbook
4.1
h3sc
seemessage.com
bitlab.website
cheesestuff.ru
bhartiyafitness.com
bardapps.com
l7a4.com
chiara-samatanga.com
lesrollintioup.com
dropwc.com
mackey242.com
rackksfresheggs.com
thinkvlog.com
aidmedicalassist.com
firehousepickleball.net
sifreyonetici.com
teka-mart.com
ddttzone.xyz
macfeeupdate.com
ivocastillo.com
serjayparks.com
Targets
-
-
Target
4a3d68d1c0d4ccc8a137f1a6c41832131a9bd6050c25abba3777a50a7b142f3a
-
Size
602KB
-
MD5
91f1ee01deaf01ff8622cf95dde181d5
-
SHA1
cf4a960e3ead0c10deeeaccd6e7650b0042c524e
-
SHA256
4a3d68d1c0d4ccc8a137f1a6c41832131a9bd6050c25abba3777a50a7b142f3a
-
SHA512
176fc1fbc3a6b59d702f6e54eb6e4635bab859f18ec693cd23fc667b72fb55ee98641fd31ff0a5303b6dd6d57cb3387732f1281e2c08f21503397b8f03a67db8
-
SSDEEP
6144:WdE8uEDkEfQQvbaGrYddRe+51qjREwCZfc7RO5E4Z1eFEZpIismTxg9FromA4Rl:X8lDAjGrc7G2wCSOn1kOpIiteSmhf
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook payload
-
ModiLoader Second Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-