General
-
Target
2f9e1385a9c419ad70bb121e4250ae0a.bin
-
Size
556KB
-
Sample
240327-b7fn1ace8w
-
MD5
608037abcea8e1b38569485c03ca9342
-
SHA1
78f4d938ab860a9e7ab3b1c878fda764b2b376fe
-
SHA256
171f5e5c6af8da5f27dd317092e46e7f818eb17539b346e383a9d0576b336b71
-
SHA512
f79139495a345f1be22d4c877f68fec669db9a512f3e9dc0533e7a23fb4a436bec439c7290ce4f35d501625b743762379f79840304b947d1d6242f6fad5069dd
-
SSDEEP
12288:5wkY+NHoJ5vi8G9GWmYtNAarAyXf6lq0elYG5LZgE/u84fnbsLE:lvNHU5K8IrXtF6l6YG5tgdbsLE
Malware Config
Extracted
formbook
4.1
o22d
stillsfengservices.com
protectagainstcrime.com
winiboya.com
mindbeforemusic.com
giyelz1i5.sbs
coin8899.com
coolgirls.club
ssdcf1416aasx.world
heir.solutions
soulmatchup.xyz
ingenetpy.com
knkvdqt5g.sbs
vireoremedy.com
leopolis.rent
apartment-for-rent-314.space
theenlightenedmotherhood.com
zidao.cloud
oi7982jbacdbfssagroup.monster
anandasnacks.com
start.beer
Targets
-
-
Target
9a565700a3d3c7a802780c0e4ba717b082175fd33b5afc7dcfeb95905b6db784.exe
-
Size
590KB
-
MD5
2f9e1385a9c419ad70bb121e4250ae0a
-
SHA1
ee2018b7427e3eccd78683018864043a72d841a9
-
SHA256
9a565700a3d3c7a802780c0e4ba717b082175fd33b5afc7dcfeb95905b6db784
-
SHA512
9c7a9d86a29729b1189a027e11c40175928c2c76355678ebaa06a08b42a8b0d6c0e6ba6237d61aa81a8a80e8b9d52b22c877f45dd74a233c720fee10e6419917
-
SSDEEP
12288:IS4CMwNNFJyvdgH7RPTwerlTuzRjynjSGqaJt2m8:IMFggH7RbweRTuzJsjSGqaJsm8
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Suspicious use of SetThreadContext
-