General
-
Target
MalwareBazaar.14
-
Size
620KB
-
Sample
240801-j89bps1cqp
-
MD5
035c35bf6a68763ba391504a7c6a4993
-
SHA1
2fb903b75098baf7d39fdc3db68cfb35e03100e8
-
SHA256
b731e1e07da1ab601c2773e2124f60e482f30f81bf2d1d64c3363c5d1f4ec08d
-
SHA512
4c6cbdcfed65bdcf1c37f93d02f6cf0ae839a3ac6016b594ff690a1d24615ba9abdeeb651734bb4b237c8cc9045e91c5ac25e1ed30b7762abe62a93a7170f049
-
SSDEEP
12288:j4lz4cX9/R3FcFCstoAsfqYFPV7PGuj9zcU/Nk8emr1y6m7H2ph1hRvjndCrkR:jcz4c7eFCseACJhzcU/Nkarub2fJvjdF
Malware Config
Extracted
formbook
4.1
ss24
agingwellhc.com
unikbetanggur.autos
eb2024yl.top
ja380.xyz
thehalcyon.studio
maudsoogrim.com
esteler10.click
mewtcp.xyz
www-zjbf1.club
kucinglucu.online
lunwencheck.com
65597.photos
erbxeu358h.top
startable.online
yousend.xyz
csharksg.com
centricoatings.com
ntruhslearn.xyz
achabakra.xyz
zuntool.com
Targets
-
-
Target
MalwareBazaar.14
-
Size
620KB
-
MD5
035c35bf6a68763ba391504a7c6a4993
-
SHA1
2fb903b75098baf7d39fdc3db68cfb35e03100e8
-
SHA256
b731e1e07da1ab601c2773e2124f60e482f30f81bf2d1d64c3363c5d1f4ec08d
-
SHA512
4c6cbdcfed65bdcf1c37f93d02f6cf0ae839a3ac6016b594ff690a1d24615ba9abdeeb651734bb4b237c8cc9045e91c5ac25e1ed30b7762abe62a93a7170f049
-
SSDEEP
12288:j4lz4cX9/R3FcFCstoAsfqYFPV7PGuj9zcU/Nk8emr1y6m7H2ph1hRvjndCrkR:jcz4c7eFCseACJhzcU/Nkarub2fJvjdF
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-