General
-
Target
DHL AIRWAYBILL SHIPPING DOCUMENTS.pdf.z
-
Size
617KB
-
Sample
240621-pzecvstgkr
-
MD5
1bc39b253c80c22759d1b4d18cf885c1
-
SHA1
8901052a34b2cdd3b5d170d3aa7177061409a5bc
-
SHA256
2ddddc0b99a94f5595fede3ad6d1b90f3b95e727e782aaa6985362a15597e67d
-
SHA512
bab5533080fd18a6b91078da6ce2b3c7dbcd455038955aa38175595be2fd58b6fa3b91ba0d2d3d14748433e93302177e7ecc3424d1b71a540610369c908bf1fa
-
SSDEEP
12288:uG1tzxi/2QK+n/q+Nj+Xj863hko0EKuD8OKXVQF0h9pNTH8R:L3zxy2Qzq0sLhko0EoOiVwmxM
Malware Config
Extracted
formbook
4.1
rn94
st68v.xyz
conciergenotary.net
qwechaotk.top
rtpdonatoto29.xyz
8ad.xyz
powermove.top
cameras-30514.bond
vanguardcoffee.shop
umoe53fxc1bsujv.buzz
consultoriamax.net
hplxx.com
ndu.wtf
yzh478c.xyz
bigbrown999.site
xiake07.asia
resdai.xyz
the35678.shop
ba6rf.rest
ceo688.com
phimxhot.xyz
Targets
-
-
Target
DHL AIRWAYBILL SHIPPING DOCUMENTS.pdf.exe
-
Size
1.1MB
-
MD5
ea171396e5a9412742d628b183828b05
-
SHA1
4907fd461c2ec02ea6ae2f401d8376962a0bc56f
-
SHA256
41491f91cb513298101664097cc0cbe4bd13e9f889a4059778a31265a22b49e8
-
SHA512
5c887375a0d13f12aa5419568164795c832968e7dc42e1869c8fee1091fc96965b7ce6185535fbef20fbfb136d0d6ab03dae74bd7862bd3ddadf72b50c21ebe1
-
SSDEEP
24576:AAHnh+eWsN3skA4RV1Hom2KXMmHaWmqgnzXmGoyq5:3h+ZkldoPK8YaWmxnq5
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Suspicious use of SetThreadContext
-