General
-
Target
f90db97e56f2eb46d2e55a0cd7674997bbc2d644f6370b477fd04edfca7b9cdd_JaffaCakes118
-
Size
446KB
-
Sample
240419-adyr2sbg5x
-
MD5
e10c2c5de1c6b8be9f4d6814930fd018
-
SHA1
9305c3478e82b8e05395c6010737b2ca50e9a026
-
SHA256
f90db97e56f2eb46d2e55a0cd7674997bbc2d644f6370b477fd04edfca7b9cdd
-
SHA512
f8c83a346b2e29d8915ba00fef8eaf7d15dfebaffea2ad5e9863bcac3414a224926b627c2371644e0a48ff602aede5ad4b21f2d1513e95a306a6fe2997011040
-
SSDEEP
12288:YvL8c8ld2qLqxhHe6wQfDxRvIxVvJRjs:e85OqLAHLwQbxtcVvJC
Malware Config
Extracted
formbook
4.1
rhtn
ctwlabs.com
zaimjefhi.online
janetsboutiquestore.com
srello.com
dk1380.com
thuphangahhome.com
usahealthcarenetwork.com
ostbet.com
artbacus.com
kuaitaobao.net
aeinnamehranandegi.com
glassesbestselect.com
drain-pipe-cleaning-47086.bond
beyondhorsemanship.com
cottonfuturesbook.com
fairfieldcountyb.com
worldtoronto.com
onairnepal.com
kongmad.com
host-u.com
Targets
-
-
Target
f90db97e56f2eb46d2e55a0cd7674997bbc2d644f6370b477fd04edfca7b9cdd_JaffaCakes118
-
Size
446KB
-
MD5
e10c2c5de1c6b8be9f4d6814930fd018
-
SHA1
9305c3478e82b8e05395c6010737b2ca50e9a026
-
SHA256
f90db97e56f2eb46d2e55a0cd7674997bbc2d644f6370b477fd04edfca7b9cdd
-
SHA512
f8c83a346b2e29d8915ba00fef8eaf7d15dfebaffea2ad5e9863bcac3414a224926b627c2371644e0a48ff602aede5ad4b21f2d1513e95a306a6fe2997011040
-
SSDEEP
12288:YvL8c8ld2qLqxhHe6wQfDxRvIxVvJRjs:e85OqLAHLwQbxtcVvJC
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Suspicious use of SetThreadContext
-