General
-
Target
03f68e754aaa9699ee2ef3396020e5ae.bin
-
Size
420KB
-
Sample
230608-bctx5sae7y
-
MD5
8dcf6b22c6846fa32e2be018fd90ca4c
-
SHA1
5f25706c37cc555ae686aff518f3b2f701242c5c
-
SHA256
31d4a66b08ab1e32264b6570e9295b0d5b9f047896f83136f186871520544d07
-
SHA512
cc1ebff6575b1b32e925c9e6fb499e622f51e0cab7dd13b65ce6c17f72571dda739bbc0180577fdb124de34dc7d72b83e7b4b1ec09517a5c35f6909304b4de84
-
SSDEEP
12288:dR9ikvGkZ5fG9jEmUVc33jotWNyMAPOYEmyFOCY8moG85J:MkOk+97smctWNyMAdEmyFOz8qwJ
Malware Config
Extracted
formbook
4.1
t3c9
shadeshmarriagemedia.com
e-russ.com
sofiashome.com
theworriedwell.com
americantechfront.com
seasonssparkling.com
maximuscanada.net
tifin-private-markets.com
amecc2.net
xuexi22.icu
injectiontek.com
enrrocastoneimports.com
marvelouslightcandleco.com
eaamedia.com
pmediaerp.com
tikivips111.com
chesterfieldcleaningcare.com
thecrowdedtablemusic.com
duncanvillepanthers.com
floriculturajoinville.xyz
Targets
-
-
Target
54be9ba2765771cc0ba840828116938a88a6bc48732f79113afd36b3e1c264ba.exe
-
Size
842KB
-
MD5
03f68e754aaa9699ee2ef3396020e5ae
-
SHA1
1006050371550d0a31c17664e51a1ad91473ff6f
-
SHA256
54be9ba2765771cc0ba840828116938a88a6bc48732f79113afd36b3e1c264ba
-
SHA512
dcd0913e92b574e0ea795aa3508a6a10516366230ed06233f3c237f8fb227f827f88c1b23eaf7aff05277b7c5b5579f6d7fdaa4763c02c71a854da63ee458bce
-
SSDEEP
12288:tqcXKzYRKvoT9GfENy1H+n4J6m39o8K796Wbk0SDpcCMZMg:tfXKoT9GfENy1H9Q7f796Wbk0OpcI
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Formbook payload
-
ModiLoader Second Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-