General
-
Target
Shipment Document BL,INV and Packing list Attached.exe
-
Size
305KB
-
Sample
200630-12t4dwm3ta
-
MD5
15841911ca4112d3e662c04db3517145
-
SHA1
be584653e032bd30328b6dbc5e7a502bde7f8342
-
SHA256
bcf951a2c7bc31a37486577ae1fc83f97bc1daf987d5a35e9302eb31f5a5ebf0
-
SHA512
b0140fd10e30fa8b4929cad363396d7cacc90fce41b42e42d5574d11cf68e40032555ed06c6257f23b1e8190f404605eafa37b2504567ec8e3ed453672687e7e
Malware Config
Targets
-
-
Target
Shipment Document BL,INV and Packing list Attached.exe
-
Size
305KB
-
MD5
15841911ca4112d3e662c04db3517145
-
SHA1
be584653e032bd30328b6dbc5e7a502bde7f8342
-
SHA256
bcf951a2c7bc31a37486577ae1fc83f97bc1daf987d5a35e9302eb31f5a5ebf0
-
SHA512
b0140fd10e30fa8b4929cad363396d7cacc90fce41b42e42d5574d11cf68e40032555ed06c6257f23b1e8190f404605eafa37b2504567ec8e3ed453672687e7e
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Adds Run entry to policy start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-