General
-
Target
Staff performance report..vbs
-
Size
1.1MB
-
Sample
240604-gtrf8sff2x
-
MD5
d3e2b3429359297758743cc96d94af79
-
SHA1
70687fb4c366b1a95a651536a4e7270ae4a0382f
-
SHA256
ea06432b0fe0200a91d19856ff8c0a24fc6bbb52c7ba49f6309555ac7d6797ea
-
SHA512
f4662459f8315bd6f410bb586bc6c246d8b9a1b2d519ed0852b566fd9bb9a5e76ac8c2994a4bc1443391ae451a39d50b90f81ba953c57ff55c50d6f6e38ab9de
-
SSDEEP
12288:W31cvBzbU01qal638iNX3iTMgmuYtWN/ZgMiQPeRjLL:WYz64+2SjX
Malware Config
Extracted
formbook
4.1
sh31
eegstudya-neuroeobc.com
hairbygeorginac.com
madeat.work
datalakeflow.com
hnhuamu.com
masterlynn.com
cartingclubcity.com
desototo.com
pudgyverse.app
wealththroughtransformation.com
gloria-grace.com
bqshuw.com
fmmob.com
ytrom.xyz
boga77.lol
22143.vip
whiskeyandwaters.com
ascogentgo.com
dcshoespascher.com
ozphilmarket.com
Targets
-
-
Target
Staff performance report..vbs
-
Size
1.1MB
-
MD5
d3e2b3429359297758743cc96d94af79
-
SHA1
70687fb4c366b1a95a651536a4e7270ae4a0382f
-
SHA256
ea06432b0fe0200a91d19856ff8c0a24fc6bbb52c7ba49f6309555ac7d6797ea
-
SHA512
f4662459f8315bd6f410bb586bc6c246d8b9a1b2d519ed0852b566fd9bb9a5e76ac8c2994a4bc1443391ae451a39d50b90f81ba953c57ff55c50d6f6e38ab9de
-
SSDEEP
12288:W31cvBzbU01qal638iNX3iTMgmuYtWN/ZgMiQPeRjLL:WYz64+2SjX
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Adds policy Run key to start application
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-