General
-
Target
1238938e0503f03e6cae0bdffb27600e8128bdd3e93144a9b72d43dc7f78463f
-
Size
661KB
-
Sample
230420-hkfttaab5y
-
MD5
d1b61fc130b72db87ba82f2d2c639a11
-
SHA1
3bdeb5a6e000835ecdd96b7577aa28f964156ea1
-
SHA256
1238938e0503f03e6cae0bdffb27600e8128bdd3e93144a9b72d43dc7f78463f
-
SHA512
be9be08dfc79774488755dd908f59ad978d5bcbba3f4ea25a1e3f5578ca082ac92633ca76245ade416f88c9a9de59c50cc4edf2af242e53169021399a04429b8
-
SSDEEP
12288:H2iN12Ezuy53yOKCVAexhy3p17zzWA3oMNBoxViy4NxiFEx4h:H1mEd5itCVd8zzxN+niyC54h
Malware Config
Extracted
formbook
4.1
btrd
toulouse.gold
launchyouglobal.com
margarita-services.com
dasnail.club
casa-hilo.com
hardscapesofflorida.com
thepositivitypulse.com
kkmyanev.cfd
love6ace22.top
castorcruise.com
chch6.com
h59f07jy.cfd
saatvikteerthyatra.com
fxsecuretrading-option.com
mostbet-k1o.click
36-m.beauty
ko-or-a-news.com
eurekatextile.com
gynlkj.com
deepsouthcraftsman.com
Targets
-
-
Target
1238938e0503f03e6cae0bdffb27600e8128bdd3e93144a9b72d43dc7f78463f
-
Size
661KB
-
MD5
d1b61fc130b72db87ba82f2d2c639a11
-
SHA1
3bdeb5a6e000835ecdd96b7577aa28f964156ea1
-
SHA256
1238938e0503f03e6cae0bdffb27600e8128bdd3e93144a9b72d43dc7f78463f
-
SHA512
be9be08dfc79774488755dd908f59ad978d5bcbba3f4ea25a1e3f5578ca082ac92633ca76245ade416f88c9a9de59c50cc4edf2af242e53169021399a04429b8
-
SSDEEP
12288:H2iN12Ezuy53yOKCVAexhy3p17zzWA3oMNBoxViy4NxiFEx4h:H1mEd5itCVd8zzxN+niyC54h
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Suspicious use of SetThreadContext
-