General
-
Target
Payment 013125.exe
-
Size
1.1MB
-
Sample
250131-tp9hgazrbx
-
MD5
1f25b0932adb4f999664456718bd2705
-
SHA1
65b93e7c15c644f81784b38f68e832ef09f39a3a
-
SHA256
cdb3229e64d90c75e9205357001b037333e36ecf141098dab1971d82cfa238ee
-
SHA512
1aa055a35277b77db20b87c604eea433ad78fe2f3ffd1199e9ab89788cea6f53e39219d227536787c14ff268c500e43fb393e623c04c7c7e520a80adc0ab595d
-
SSDEEP
24576:lPV8K/0GHMcdgApDHFJGHSjbsZrnhuoBiq1D4Bu5JdQLaP:4KMPcdfOyjbsZ7cosqxwuPN
Malware Config
Extracted
formbook
4.1
i62s
uamentesaudavel.shop
nio.xyz
rginine12.live
ourmet94goodies.shop
dveo.xyz
epp.xyz
lexbreus.art
nline-gaming-32533.bond
znetio.info
hosaround.net
ecurity-apps-53798.bond
treamtiendat.xyz
ngomoney.online
wig.xyz
ills-au.today
megavine.shop
hatsea.net
nvestore.xyz
pasupplies.online
i-analyst.online
Targets
-
-
Target
Payment 013125.exe
-
Size
1.1MB
-
MD5
1f25b0932adb4f999664456718bd2705
-
SHA1
65b93e7c15c644f81784b38f68e832ef09f39a3a
-
SHA256
cdb3229e64d90c75e9205357001b037333e36ecf141098dab1971d82cfa238ee
-
SHA512
1aa055a35277b77db20b87c604eea433ad78fe2f3ffd1199e9ab89788cea6f53e39219d227536787c14ff268c500e43fb393e623c04c7c7e520a80adc0ab595d
-
SSDEEP
24576:lPV8K/0GHMcdgApDHFJGHSjbsZrnhuoBiq1D4Bu5JdQLaP:4KMPcdfOyjbsZ7cosqxwuPN
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Formbook payload
-
Suspicious use of SetThreadContext
-