General
-
Target
rRFQ_BIDLET-PO772917811_PROPOSL_BG_AD____PDF.exe
-
Size
1.4MB
-
Sample
250115-cfjr1sxjbw
-
MD5
289754998d1520e2bec7190452c464ac
-
SHA1
a25755aa21ff2512d7f0b19af804c7ca81729767
-
SHA256
dd82f88cdd4a62e9e9b5a081cbd3f98b542614ee6b0e33c2385817af92c704a1
-
SHA512
03e640719eee50a99cdcfce411c940339d5f0142beb4eba5d081a9ac493059fc44be9971f1e78750584cff478941f04c6ea3d61468f8dd903a6636324353ab08
-
SSDEEP
24576:3qDEvCTbMWu7rQYlBQcBiT6rprG8a1pSsnwcKYQkZrUEI5DafK:3TvC/MTQYxsWR7a1Isn+k6EI
Malware Config
Extracted
formbook
4.1
bs84
ehuatang.quest
mart-healthcare.solutions
arehouse-inventory-59593.bond
rumpjokes.net
oonlightshadow.store
odernoob.website
sdmedia.net
0k21l6z.xyz
kwovenart.shop
chvb.bid
06ks28.buzz
grexvc.online
unnycdn02.shop
ettingitgonejunk.net
lubmango.store
ustjump.xyz
ofiveuss.store
aahasti-inter5.rest
etclcg.business
ai365.xyz
Targets
-
-
Target
rRFQ_BIDLET-PO772917811_PROPOSL_BG_AD____PDF.exe
-
Size
1.4MB
-
MD5
289754998d1520e2bec7190452c464ac
-
SHA1
a25755aa21ff2512d7f0b19af804c7ca81729767
-
SHA256
dd82f88cdd4a62e9e9b5a081cbd3f98b542614ee6b0e33c2385817af92c704a1
-
SHA512
03e640719eee50a99cdcfce411c940339d5f0142beb4eba5d081a9ac493059fc44be9971f1e78750584cff478941f04c6ea3d61468f8dd903a6636324353ab08
-
SSDEEP
24576:3qDEvCTbMWu7rQYlBQcBiT6rprG8a1pSsnwcKYQkZrUEI5DafK:3TvC/MTQYxsWR7a1Isn+k6EI
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-