General
  Target: Confirmation Copy 11.exe
  Size: 520KB
  Sample: 200731-823kfjmmm2
  MD5: 9d317210a5afb36bb85856718b96e1ef
  SHA1: e5cf4b696cb785b825322f84cf66c299c27f4068
  SHA256: 2ad4a02a1f907b8036b9bea0fd940bfb47435964b23ffae577080823c86500dd
  SHA512: 5d67f53a63d1cd20af6073b16dff41d41922a0b680c041d52364c08528280a399851612cfb7190f96e5788e94eec7d967e53bb4643db06cc475f380a8e02deba
Static task
  static1
Behavioral task
  behavioral1
  Sample: Confirmation Copy 11.exe
  Resource: win7
Behavioral task
  behavioral2
  Sample: Confirmation Copy 11.exe
  Resource: win10v200722
Malware Config
Targets
  Target: Confirmation Copy 11.exe
  Size: 520KB
  MD5: 9d317210a5afb36bb85856718b96e1ef
  SHA1: e5cf4b696cb785b825322f84cf66c299c27f4068
  SHA256: 2ad4a02a1f907b8036b9bea0fd940bfb47435964b23ffae577080823c86500dd
  SHA512: 5d67f53a63d1cd20af6073b16dff41d41922a0b680c041d52364c08528280a399851612cfb7190f96e5788e94eec7d967e53bb4643db06cc475f380a8e02deba
Signatures
  - Formbook Payload
  - Deletes itself
  - Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
  - Adds Run key to start application
  - Suspicious use of SetThreadContext