General
-
Target
5cad52271422b36941487ad44a7ade44.exe
-
Size
255KB
-
Sample
230716-j8zr9sed3v
-
MD5
5cad52271422b36941487ad44a7ade44
-
SHA1
0fa6ba3c9799301fcdb529abcb5d7098c5c3fdba
-
SHA256
0cffea5daeb941cc6235f4de2fe2ba348ff08742d196ffc68bc8d7f1109596fd
-
SHA512
b2a583bff19ace982d3f722c60d5331711a966b000f748e251b83f52eba32185f7469bcc4c0f298d7f0f3876518b0848410667067d2f3187b439a18a6ae192ab
-
SSDEEP
6144:RC2fT8maVl1F4rxzEc2qauQpeLXsS9ECZXQE3yH:pSv4rxwc2qweLXsSpX3yH
Malware Config
Extracted
formbook
4.1
ms14
adjoinstaff.online
kmmdznky.cfd
keyviewgroup.com
kidomarketing.com
jroxtqpq.cfd
jdevmx.com
genqaagz.cfd
1cdpwp.cfd
francegoldvip.com
2qy218.xyz
peterscanner.com
trullys.com
aniwatch.top
windyhillcnc.com
pokazhu.com
r74jsy.cfd
paulgadgets.com
lindanewtee.com
lasik-de-de-8808230.zone
critone.site
Targets
-
-
Target
5cad52271422b36941487ad44a7ade44.exe
-
Size
255KB
-
MD5
5cad52271422b36941487ad44a7ade44
-
SHA1
0fa6ba3c9799301fcdb529abcb5d7098c5c3fdba
-
SHA256
0cffea5daeb941cc6235f4de2fe2ba348ff08742d196ffc68bc8d7f1109596fd
-
SHA512
b2a583bff19ace982d3f722c60d5331711a966b000f748e251b83f52eba32185f7469bcc4c0f298d7f0f3876518b0848410667067d2f3187b439a18a6ae192ab
-
SSDEEP
6144:RC2fT8maVl1F4rxzEc2qauQpeLXsS9ECZXQE3yH:pSv4rxwc2qweLXsSpX3yH
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Formbook payload
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-