General
-
Target
0899d3894338f52e9c7108e34d49e9b99fd9f6d78536cacedca6c1c90a9fdf58.rar
-
Size
583KB
-
Sample
241116-cjgrtsxhmr
-
MD5
e65378a4104452cb027d9898c95c57bd
-
SHA1
16fb37f13741698a76143bd2838124dc593ff4b4
-
SHA256
0899d3894338f52e9c7108e34d49e9b99fd9f6d78536cacedca6c1c90a9fdf58
-
SHA512
b350932a502874e146a0f4ff5a8d4de4a1f0306d861aa32ea91c3a1bcf03ee76911f7e1c7ef22b2da6a6d12e1a1203718442566cced83321dd25f871feed1898
-
SSDEEP
12288:6yRapBYCt5V6QbqCiYls/bE8/pJrmHydYqc1AjCp7tVv:Hc4YBb8Y4bT/j6Hyax1uCxv
Malware Config
Extracted
formbook
4.1
cl21
0001.shop
earch-parttimejobs.today
are888.top
akanhaunthipped.shop
othing-heyu.xyz
cadvirsor.net
nclanalae.shop
lectric-cars-mexico.today
oxj-question.xyz
ersonalloanoffers.today
ersonalloans-fo54-fo37.click
verybody-ewfx.xyz
ercuremontauban.media
azilimdunyam.net
airs-clinicato.today
wiftsscend.click
ertainly-jbws.xyz
8xeng.app
damekadmitageable.cfd
ollapsedec.shop
Targets
-
-
Target
Transfer of rights and privilege.exe
-
Size
1.1MB
-
MD5
fa91a7463a9ea4918102bccaa035dac1
-
SHA1
eb1e162fc866d77e6ca4f68c464e4793a9013094
-
SHA256
e5eda013173004830010766af13273e9ee2b96c0c63628a531945e4e8c0da884
-
SHA512
a40959b205039c308f3bc396bd86d060da71938d1199b1000837fd1037e01dcd9a530ad7083ab4f66458c3772b64fe27cd372fcc747fa6e931ec4393a38d3cc4
-
SSDEEP
24576:Dtb20pkaCqT5TBWgNQ7ayLWZ2KbH1EhzJ9OPR7z6A:AVg5tQ7ayLWZ2KOJIRP5
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Suspicious use of SetThreadContext
-