General
-
Target
6d2331c2b272fbe95d77250c47b37e71_JaffaCakes118
-
Size
472KB
-
Sample
240524-dkyx6sah6t
-
MD5
6d2331c2b272fbe95d77250c47b37e71
-
SHA1
e70258580bda815758bef6386b0d64bfbde24ff6
-
SHA256
58be60f2549f4c7093fcb9fdc050154389d02b4ad7b60439122de5bf02865074
-
SHA512
150d69d9815c8e3b9a8331cfd7eb46aedc21b6f4c8c2ff45f717bba143bd6d90d02e342d20dc78c1e78e431f7a69ee03c60da564d5ea826a9358f40921e49961
-
SSDEEP
6144:cmrL7bOr2xYboL9br/U+e/HQL3dZ655y8Yvl/oHzUmaIv7:cm7GEYmnU+aHQTm5gdvl4Q1y
Malware Config
Extracted
formbook
3.9
tg
xn--wmq267cvp4asgh.com
herunyunshang.com
fulhdmovie.cymru
runforabetterlifecoaching.com
www58978www.com
gachtiendat.com
turkico.com
jetlinefountain.com
mybabycool.com
housebuyinginlosangeles.info
tatreggyprismnimbles.win
moa397.com
thestrangerthings.com
kreditpintar.com
luggagelockercompany.com
xczcefmdsz.info
51linhu.com
zoodmal.com
bizrver.com
bostonrefinanceglobal.com
Targets
-
-
Target
6d2331c2b272fbe95d77250c47b37e71_JaffaCakes118
-
Size
472KB
-
MD5
6d2331c2b272fbe95d77250c47b37e71
-
SHA1
e70258580bda815758bef6386b0d64bfbde24ff6
-
SHA256
58be60f2549f4c7093fcb9fdc050154389d02b4ad7b60439122de5bf02865074
-
SHA512
150d69d9815c8e3b9a8331cfd7eb46aedc21b6f4c8c2ff45f717bba143bd6d90d02e342d20dc78c1e78e431f7a69ee03c60da564d5ea826a9358f40921e49961
-
SSDEEP
6144:cmrL7bOr2xYboL9br/U+e/HQL3dZ655y8Yvl/oHzUmaIv7:cm7GEYmnU+aHQTm5gdvl4Q1y
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Suspicious use of SetThreadContext
-