General
-
Target
09f80e5b22639c198be1ef13793c7a0ade764ed89b20a0f09ab0830f3d77eaef.exe
-
Size
608KB
-
Sample
240802-blvwsswhmr
-
MD5
087a92aaf0a59bf4f54fafaae7b6a027
-
SHA1
a00135a4131ee743347f0ca3b3ac14427d008360
-
SHA256
09f80e5b22639c198be1ef13793c7a0ade764ed89b20a0f09ab0830f3d77eaef
-
SHA512
3647d3c39bf93e5d6b429392296e469218d855e41894545a91fd51a5dbae5830784506a4c224e106824131e312c47944cf07b23b594d6de5e0b5eabec5cf5d1f
-
SSDEEP
12288:VV8wtNDc2pZ/Mrr8ya2DG/ARyQg5f5Yk/Z3qOoUD6QA:fFcmZErIZ0zg59R3qNAl
Malware Config
Extracted
formbook
4.1
as89
followcb.site
salutemanagement.com
shishiganggang.com
vanthuhay.xyz
nujekos.info
duckylucknodepositbonus.icu
ilemuelgroup.com
healnap.com
rezekitoto41.com
magicians-amino.click
fqr4dh.club
00050153.xyz
touchless-scoreboard.com
journaganstruevalue.com
connectingconcepts.biz
winraja88.com
mezcantina.com
cosmosfashions.com
dltholdingsandinvestments.com
vonlineb.com
Targets
-
-
Target
09f80e5b22639c198be1ef13793c7a0ade764ed89b20a0f09ab0830f3d77eaef.exe
-
Size
608KB
-
MD5
087a92aaf0a59bf4f54fafaae7b6a027
-
SHA1
a00135a4131ee743347f0ca3b3ac14427d008360
-
SHA256
09f80e5b22639c198be1ef13793c7a0ade764ed89b20a0f09ab0830f3d77eaef
-
SHA512
3647d3c39bf93e5d6b429392296e469218d855e41894545a91fd51a5dbae5830784506a4c224e106824131e312c47944cf07b23b594d6de5e0b5eabec5cf5d1f
-
SSDEEP
12288:VV8wtNDc2pZ/Mrr8ya2DG/ARyQg5f5Yk/Z3qOoUD6QA:fFcmZErIZ0zg59R3qNAl
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-