General
-
Target
4a3155f670006fb3500ca917e16b710f06f2a5f0d1345fb5824f732ec9d34c37.exe
-
Size
829KB
-
Sample
240725-dasy6sxcma
-
MD5
59188cacdad5d6c8e3a0dae4b4a6680d
-
SHA1
82dc5ba9a229e30d96b1eedd05c404a5b4d49288
-
SHA256
4a3155f670006fb3500ca917e16b710f06f2a5f0d1345fb5824f732ec9d34c37
-
SHA512
0e0e43544ec5f21f941b041bcef31bd4372f525c05f8c4c1d91a695b85baecf06c4f62c59be1bce2e374dc7dc672df91678f59cb36c4ffcb6839874a1acc7ad2
-
SSDEEP
24576:fXRv6ZaOmXiJx7E6rSyT6Oiq/sIwieBjsq9Nn:PJ1OGiXoOnTHIVieBjj9Nn
Malware Config
Extracted
formbook
4.1
pz12
paucanyes.com
autonwheels.com
cowboysandcaviarbar.com
fitnessengineeredworkouts.com
nuevobajonfavorito.com
dflx8.com
rothability.com
sxybet88.com
onesource.live
brenjitu1904.com
airdrop-zero1labs.com
guangdongqiangzhetc.com
apartments-for-rent-72254.bond
ombak99.lol
qqfoodsolutions.com
kyyzz.com
thepicklematch.com
ainth.com
missorris.com
gabbygomez.com
Targets
-
-
Target
4a3155f670006fb3500ca917e16b710f06f2a5f0d1345fb5824f732ec9d34c37.exe
-
Size
829KB
-
MD5
59188cacdad5d6c8e3a0dae4b4a6680d
-
SHA1
82dc5ba9a229e30d96b1eedd05c404a5b4d49288
-
SHA256
4a3155f670006fb3500ca917e16b710f06f2a5f0d1345fb5824f732ec9d34c37
-
SHA512
0e0e43544ec5f21f941b041bcef31bd4372f525c05f8c4c1d91a695b85baecf06c4f62c59be1bce2e374dc7dc672df91678f59cb36c4ffcb6839874a1acc7ad2
-
SSDEEP
24576:fXRv6ZaOmXiJx7E6rSyT6Oiq/sIwieBjsq9Nn:PJ1OGiXoOnTHIVieBjj9Nn
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-