General
-
Target
83741a566ed8044f4692b4070986ecb9.bin
-
Size
6KB
-
Sample
240327-de939aeb6t
-
MD5
a1804a84b6936d0bf9803802f69dd61d
-
SHA1
2b251b805852dda35867ab076acef14e579a82c2
-
SHA256
5e19b45849b0d53d8055f74f922811f3b158f599d303f8308caa87ecc178edc0
-
SHA512
6b88e9b7f3f184de4ab5975fa246ae3c006eb115d207d703f82447d3a71d5d76efc0da4246633d0f158c6fba3e3d68b66539143601a03a0692f2fba6384cac20
-
SSDEEP
192:WgYcT6p7ayswosKBA+Z/2p9pu9TrtsEzebN:WNMnwoy99puRrebN
Malware Config
Extracted
formbook
4.1
tt15
wholeplant.online
pornimmersive.site
gelcreativecollabs.com
novanewsbrasil.com
prefabhomes2024th.space
stelautosrl.online
wellnessmindfulhealth.com
qhgly.lol
thefutureshub.com
compk5l.info
insurance-offers.com
de-solarroof.today
pn-pasarwajo.com
rachelelice.com
inkninsight.com
innoviewclinical.com
austrofoods.com
mayanlanguagesaccess.co
ablaiserver.com
staffcanteencook200.buzz
Targets
-
-
Target
aeff431cde6f10580b664967efe9793aa19130934b0e9f9d01d152e028fa3f2a.vbs
-
Size
10KB
-
MD5
83741a566ed8044f4692b4070986ecb9
-
SHA1
921fa0b4bbe043a6a2a9b972bceab1088acda6f5
-
SHA256
aeff431cde6f10580b664967efe9793aa19130934b0e9f9d01d152e028fa3f2a
-
SHA512
a4449f4ec76b25d0a8802afb93791c4522b1fcd14401349172d57ca93817a249b6fa8df2119b76ea3f76a9826592e54de17f0012b9d24d3fcc07bce7fa37bbde
-
SSDEEP
192:2M+7O579hFNNFU4wlr4ZRR/038AVVtkfLda+V9+ZMoce5QmDRs4ngSN+:2M+7O57dFU4wlr4r038AVQfL4+SZt13w
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Formbook payload
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-