General
-
Target
d93058ce47215773bfed7fc6a36c4991a4d3278ce71cfd6ec23d0c3b74566798.exe
-
Size
648KB
-
Sample
240212-ffrdmsdb45
-
MD5
b44c4a259319f20aed7c92bf63e38925
-
SHA1
ba2ec96325e0927dd4f7fd22c8038964f2a69f4b
-
SHA256
d93058ce47215773bfed7fc6a36c4991a4d3278ce71cfd6ec23d0c3b74566798
-
SHA512
23b74f84fc0cff7a3b31d465cc3a36963fb6d87d5a775eebc6f204bd4ac4ba6ac90537780bf43a5cab49417d371038e039da63a6e560b5be804571e5114f0b6d
-
SSDEEP
12288:BM61jp2g3Wwr/PaDhDOKNIfTzi+mZZUAzb5I4yGlhA2/cMYtn9O8eIC1GFBSV/T:Hp2edeOKNOKxdIshA1ze
Malware Config
Extracted
formbook
4.1
pz08
deespresence.com
fanyablack.com
papermoonnursery.com
sunriseclohting.store
jenstandsforarkansas.com
lkhtalentconsulting.com
baerana.com
hyperphit.com
davidianbrant.com
itkagear.com
web-findmy.site
liveforwardventures.com
skyenglearn.online
studio-sticky.store
yassa-hany.online
tacoshack479.com
bigtexture.xyz
erxkula.shop
go-bloggers.com
qwdlwys.site
Targets
-
-
Target
d93058ce47215773bfed7fc6a36c4991a4d3278ce71cfd6ec23d0c3b74566798.exe
-
Size
648KB
-
MD5
b44c4a259319f20aed7c92bf63e38925
-
SHA1
ba2ec96325e0927dd4f7fd22c8038964f2a69f4b
-
SHA256
d93058ce47215773bfed7fc6a36c4991a4d3278ce71cfd6ec23d0c3b74566798
-
SHA512
23b74f84fc0cff7a3b31d465cc3a36963fb6d87d5a775eebc6f204bd4ac4ba6ac90537780bf43a5cab49417d371038e039da63a6e560b5be804571e5114f0b6d
-
SSDEEP
12288:BM61jp2g3Wwr/PaDhDOKNIfTzi+mZZUAzb5I4yGlhA2/cMYtn9O8eIC1GFBSV/T:Hp2edeOKNOKxdIshA1ze
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-