General
-
Target
11-29-22.zip
-
Size
39KB
-
Sample
221129-qms6xscg28
-
MD5
618f83925c64ae90e409ab4dd93b2977
-
SHA1
0ac6374184997f1700262ca0fef8f5e5abeb5538
-
SHA256
6fe094ec30939499261cd11a9f01973454719bf53617b1692b1089ac6607a79a
-
SHA512
41104ae618cdb1761b7bd350fcd78791c10e61b84e4c681b6c0b8a32c270f2e39c3654a9a85c3658dd32075bc44ebd00e4aae3933fa123b31779c6fdd26555f5
-
SSDEEP
768:HgnJ8USvpuwYF+AC1rWFm4EUDZxlN+H6YT487TSceImzP+Tfdw:Ae/vfYi6FxJI/T48gImzo2
Malware Config
Extracted
formbook
4.1
fs44
whneat.com
jljcw.net
pocodelivery.com
outofplacezine.com
yavuzcansigorta.com
xinhewood-cn.com
cartogogh.com
5avis.com
joyceyong.art
digitalsurf.community
blackcreekbarns.com
magazinedistribuidor.com
sportsgross.com
drevom.online
mayibeofservice.com
gareloi-digit.com
permitha.net
renaissanceestetica.com
facts-r-friends.com
dach-loc.com
Targets
-
-
Target
11-29-22.exe
-
Size
121KB
-
MD5
e906026bef372da3ac8618be9c0a1787
-
SHA1
d98429fcff9d667e116c8b99469070e7bdb0de59
-
SHA256
d13d078e3ca43adb581966a669f056116b1aaee681d1b6c026f0b6f4bb606324
-
SHA512
403de6adc801b3f460967f0b0d63003647265be67cc0336aeb60a1c31cdbed00199eb43c8bed489c777299db36f88f785b99e29bf15b4f3615bd907b3431f4cb
-
SSDEEP
3072:VEvf9OEud7hY72rOAOkGt6+duWA/t/SHUebbxCbGgKk12qk/In/87gUHCzQgtn9x:u9OnGZwLf8
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-