General
-
Target
9b6a2602bad810bd739f2c3bbf31f538_JaffaCakes118
-
Size
360KB
-
Sample
240611-za1vns1ajn
-
MD5
9b6a2602bad810bd739f2c3bbf31f538
-
SHA1
d1cbb96368250e39602e1b6f9fff00286cff7855
-
SHA256
7042a4c7215dbd9bbf85bec521345f1bfdfc2215da024bace12b2c56784e309a
-
SHA512
6706ef0bc4a6040f61bc2558f467856e758c83dca93c08f4d8d4087df29b8f9c8146281322529e23a839dea38726b8947ec61f923fbfb6afbd3b2cfb0e809f15
-
SSDEEP
6144:VEvIuaERAwEhEYSxzplj4INo5PlCbJ9rI0HtNeLTRuevUFHe+HWhb9mKVq0QfvzG:VEvIoRAwEmYM70INPd9XNgZu1FHrHWlv
Malware Config
Extracted
formbook
3.9
ne
gofastfreightllc.com
tv17433.info
ilhandogan.net
themelclinic.com
coopervision.help
igmonlineloans.com
tobcm.net
testcijh1550906721.com
mrgazoo.com
060pe.com
opensharingeconomy.com
venturing-inblogging.com
369lawfirm.com
za5r0.info
flyfunspot.com
techelping.com
precisionos.tech
domenicaleonti.online
binnenbanden.com
officiallyfunneled.com
Targets
-
-
Target
9b6a2602bad810bd739f2c3bbf31f538_JaffaCakes118
-
Size
360KB
-
MD5
9b6a2602bad810bd739f2c3bbf31f538
-
SHA1
d1cbb96368250e39602e1b6f9fff00286cff7855
-
SHA256
7042a4c7215dbd9bbf85bec521345f1bfdfc2215da024bace12b2c56784e309a
-
SHA512
6706ef0bc4a6040f61bc2558f467856e758c83dca93c08f4d8d4087df29b8f9c8146281322529e23a839dea38726b8947ec61f923fbfb6afbd3b2cfb0e809f15
-
SSDEEP
6144:VEvIuaERAwEhEYSxzplj4INo5PlCbJ9rI0HtNeLTRuevUFHe+HWhb9mKVq0QfvzG:VEvIoRAwEmYM70INPd9XNgZu1FHrHWlv
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-