General
-
Target
94808d496596f1b0e00c996d77c1af89_JaffaCakes118
-
Size
986KB
-
Sample
240604-mka1sadh46
-
MD5
94808d496596f1b0e00c996d77c1af89
-
SHA1
09384ec9ee897d766b03e5eff0579d23c25e3bff
-
SHA256
294d980ee33b3ee783ef73efa634d8f910ac910f3a1d2b685daea4151dc7d3f2
-
SHA512
d6c6d13f52e1fb211c7e65ec49feed91f186c4464ba22c2c1f486bb7b2a14848198f5d7fd635f1f05282e20f51f26282ba15a67c4d90d8bc7d2a61705d7b19a0
-
SSDEEP
6144:/aUDG3Kp1O6VEJD6Lpzu5VGZ1xbt3oN/EqiOq762DOHXRSE8:/aUDd26VEt6pu5GbtwEqXq7pDOHw
Malware Config
Extracted
formbook
4.1
m1d
ecodezine.com
petshoot.com
finamoreservices.com
blcbbs.com
isarlog.com
vitall-holding.com
deeperootscbd.com
elizabethavan.com
xn--hizmetasistanm-igc.com
healing-with-touch.com
zebfx.com
optibm.com
mybrandsellsyourland.com
estebanell.com
average-gaming.net
beproudof.site
werrei.com
97mix.com
pastaneli.com
topryan.com
Targets
-
-
Target
New request for quotation9867875fdp.exe
-
Size
450KB
-
MD5
8bdeb6070b54bcbb362faea15aaf8f7f
-
SHA1
7708c09b98622341b13ffcb99fd61778f51c16fc
-
SHA256
63b52bedfe18fe9a059dafcf21ed7d2bd58b00e8b4078c98e165c36e3d347b60
-
SHA512
1033d22a99be996d10eea1affa1beaf067eb29c7235ae7080e86f8da71b0ee5252b4cdf45e0553897cdeae49154c113cf7ac8ed02bc2a38de8df1b1d042d0c23
-
SSDEEP
6144:9aUDG3Kp1O6VEJD6Lpzu5VGZ1xbt3oN/EqiOq762DOHXRSE8:9aUDd26VEt6pu5GbtwEqXq7pDOHw
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Deletes itself
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-