General
-
Target
fde5052283982b31e8affce41a047ef3.bin
-
Size
509KB
-
Sample
230510-cnv51sdh62
-
MD5
4a55aa1ae1468c183f770b31be5d47c6
-
SHA1
437413a6b88fafc8f2839357ccdcf40d050edb38
-
SHA256
414c26d354b74910f3f9906d4ac77bad4ae3f723f2e841e1fbce1a9dbd224bf1
-
SHA512
12eef23c3c133b1ff84fcc12d3faf79a2d8e1b1460ee3f447082698359529a2eb797a2f2aea061c542fdcc4340d41069e41d33ba33267175e2352626b183529f
-
SSDEEP
12288:TTL/Z4tMDDBBAzw/Jem0poCAeiMngG0qLSWpomwO:T/Z4tIDXAJvpovMngJqLSWZ
Malware Config
Extracted
formbook
4.1
in62
daniellemalton.com
digitalmagazine.online
ceroemisiones.net
advdbg.com
sxcontu.xyz
aerialcomedy.com
clevershopus.com
lebanoncabledawgs.com
shanquella.com
tea-ignite.net
hesank.net
gawkyyaffect.com
htmastodonapp.uk
digitalsolutionscx.com
estymuelsintegrated.africa
craigslist25.com
hotel-coto.xyz
gistus.africa
jamesthomas.online
blopresmonll.com
Targets
-
-
Target
Payment Remittance Advice.exe
-
Size
573KB
-
MD5
a0eae724a324d168ea7f600be5ca3984
-
SHA1
107fdd58bfa83415e8359e22dcd3710a006e4dfc
-
SHA256
fbcd0824d723107fbf65f4d82506544ff6514364e745242e74a8d7f86d16575f
-
SHA512
c6a57ee61657ecc8668415b6c59e85a99f10ca30e3ec2313fee0756596b55867c85335ed9ae6bf4aacf4aa697580c14720b7b0921cd98c5d87db7ded16119b15
-
SSDEEP
12288:xnrTfq5uTjWegOT/oWiT9iIf7G7LyvNr/jh0uILNS0T:xnXfqoTKdweT9io7kLk5/jy/LN
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-