General
-
Target
02208999.exe
-
Size
842KB
-
Sample
230606-sz5ftseh6w
-
MD5
03f68e754aaa9699ee2ef3396020e5ae
-
SHA1
1006050371550d0a31c17664e51a1ad91473ff6f
-
SHA256
54be9ba2765771cc0ba840828116938a88a6bc48732f79113afd36b3e1c264ba
-
SHA512
dcd0913e92b574e0ea795aa3508a6a10516366230ed06233f3c237f8fb227f827f88c1b23eaf7aff05277b7c5b5579f6d7fdaa4763c02c71a854da63ee458bce
-
SSDEEP
12288:tqcXKzYRKvoT9GfENy1H+n4J6m39o8K796Wbk0SDpcCMZMg:tfXKoT9GfENy1H9Q7f796Wbk0OpcI
Malware Config
Extracted
formbook
4.1
t3c9
shadeshmarriagemedia.com
e-russ.com
sofiashome.com
theworriedwell.com
americantechfront.com
seasonssparkling.com
maximuscanada.net
tifin-private-markets.com
amecc2.net
xuexi22.icu
injectiontek.com
enrrocastoneimports.com
marvelouslightcandleco.com
eaamedia.com
pmediaerp.com
tikivips111.com
chesterfieldcleaningcare.com
thecrowdedtablemusic.com
duncanvillepanthers.com
floriculturajoinville.xyz
Targets
-
-
Target
02208999.exe
-
Size
842KB
-
MD5
03f68e754aaa9699ee2ef3396020e5ae
-
SHA1
1006050371550d0a31c17664e51a1ad91473ff6f
-
SHA256
54be9ba2765771cc0ba840828116938a88a6bc48732f79113afd36b3e1c264ba
-
SHA512
dcd0913e92b574e0ea795aa3508a6a10516366230ed06233f3c237f8fb227f827f88c1b23eaf7aff05277b7c5b5579f6d7fdaa4763c02c71a854da63ee458bce
-
SSDEEP
12288:tqcXKzYRKvoT9GfENy1H+n4J6m39o8K796Wbk0SDpcCMZMg:tfXKoT9GfENy1H9Q7f796Wbk0OpcI
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook payload
-
ModiLoader Second Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-