General
-
Target
25092024_0650_24092024_Quotation #10091.zip
-
Size
744KB
-
Sample
240925-hl7zpatfpf
-
MD5
b81aa1557e649e0ef4c44a79e665f742
-
SHA1
c9c933bee9c26c4b180c7cb9f7d995ce8f24be28
-
SHA256
682488669b570454581b7b20875cf3f95734ca8da117ebedc23a13b4ebe01a70
-
SHA512
b9e3c39b6b7129c4f94e4c92cddbc079cd7a7b7c3afe86553285ff9e71d12c0a21d76749f9c4302e5792ea22e00a21b6ca8fecb4fca3fc4d90b9a58684e4f546
-
SSDEEP
12288:R/gBT51V14eECqni+Oa84aR73OyCsGh5eUVtx6AfDieqV2jqPH88bGVUCYv+e:9gBTS7nt+3DvCVh5eAtxDGevjqPH88/f
Malware Config
Extracted
formbook
4.1
c89p
ftersaleb.top
dcustomdesgins.net
ostbet2024.live
rhgtrdjdjytkyhretrdjfytd.buzz
atauniversity.tech
idoctor365.net
x-design-courses-29670.bond
ellowold-pc.top
ransportationmmsytpro.top
areerfest.xyz
artiresbah-in.today
ijie.pro
torehousestudio.info
69-11-luxury-watches.shop
earing-tests-44243.bond
hits.shop
hzl9.bond
lood-test-jp-1.bond
livialiving.online
usymomsmakingmoney.online
Targets
-
-
Target
Quotation #10091.exe
-
Size
758KB
-
MD5
6e39ee33f6527364cac3cc4bbf276f26
-
SHA1
a7c12eef84ae778ce5158327d419508eb5b199c8
-
SHA256
1a52416bc054c0f2a46f2fd215d73d3285334fcdacf02ed449935bd93fb70863
-
SHA512
d06164091fe866df2626377b2d2589d9da291c73aff55b40db1844e32290c1f5e37b1ba8155ee02a351366df5a8862ce0b2e5b28a9b14b65cd568064cde28a78
-
SSDEEP
12288:v6Wq4aaE6KwyF5L0Y2D1PqLVRX3OyQsAhJYUVTx6AflSeqz2jqPB88bYVUCYH5g:tthEVaPqL7nvQlhJYATxDYeHjqPB88ZO
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-