General
-
Target
c1daa08a1ce383a61d36ad42ca4edab5cf60cb3a8445311f4cada66260b70d6b
-
Size
17KB
-
Sample
241110-3pv5hsxjfw
-
MD5
641cd03b9c2df848d85f40f9f9d344e9
-
SHA1
f9388c4fa7ad97861ebd1f74a8c8b30949b6969c
-
SHA256
c1daa08a1ce383a61d36ad42ca4edab5cf60cb3a8445311f4cada66260b70d6b
-
SHA512
414e78ac525c9f1e1213097b738f07207ae776b65db3c52de187cc88600491fc2dab391d4c38c2ceb232f1b42db8295e04139dc5807fc91e2bc743d8e5f36217
-
SSDEEP
384:o+qmFTKLhWsYBm1YPUC36eGtyH/DmULMBzxvEFY3CV6ttGkb0:7TS4FUC36eyyH//ixEFY3CIb0
Malware Config
Extracted
formbook
4.1
tomx
fistlike.website
marks-denki.cloud
6zn3wp.top
warehouse-services-86876.bond
voidcast.lol
bathroom-remodeling-50828.bond
freedentalimplants15.site
virtual-assistant-81181.bond
v48s6d5.shop
bizkairo.com
midwesterne.click
d008otoeq.site
chantroimoi586.click
folsomtakesaction.net
healthcare-software-10982.bond
paths2healing.net
interac-pay24.shop
campaigncrushconsultants.world
uui3960.top
bagiqqa.biz
Targets
-
-
Target
ELAN#0472940573000.exe
-
Size
40KB
-
MD5
bcc10d614981f0eed446306185ba0a3a
-
SHA1
cc400a605e2febdaa27b5887f55a922372b6e298
-
SHA256
4b7c88deb8cd20b960e2d396f24708a6018d2a1483fda51b7444b0685b3888da
-
SHA512
87f97bbe1a4c73b93a34ac6efa0a6b8722b0a43f17b9e805066539a65eb709289ef26d4bdb9f53e174cb41116a9e0d26014495e3b6e90470d631b68c6f1c7147
-
SSDEEP
768:W33QdsUZYRx8OC0cKRSbA7vJRc8GvPQoA0BAtHzae6M:WHQFY8OC0VSbqvJRc8GvPQoRBAtKM
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-