General
-
Target
eda2a3697b4e225f87d1b030dc3c44b0N.exe
-
Size
615KB
-
Sample
240804-pny8wsvfjr
-
MD5
eda2a3697b4e225f87d1b030dc3c44b0
-
SHA1
7e7ac637c5e7e02983a3e4f986c672cf5296f884
-
SHA256
20c39a927f20f265fcb976c59701038dd425fd58cdd1cbab997038027d7e9265
-
SHA512
167e292c6ed7f819d12a085f693de07f496848e26396ac97ba22b0d9db4d08758fdcac1eedfd390dfef9b5eec4c00f15a951a891e918745a13de55529d996cef
-
SSDEEP
12288:NJDeM2fEkbEJjgRLDXpZd8i2V26gwaYyH/FazXqhp1jMSDukR:baZEkbxnXDY2wa9NgXa1jF
Malware Config
Extracted
formbook
4.1
oi12
exobello.bio
boinga.xyz
animasriversurf.com
gamesflashg.com
hayatbagievleri.online
washington-living.com
july7.store
x-pod-technologies.com
farmhouseflaire.com
qb52aa.top
datasynthing.xyz
5v28n.rest
legacycommerceltd.com
mundodelosjuguetes.com
wjblades.com
z9b6g8.com
eskimotech.net
dreziuy.xyz
bestsolarcompanies.services
vertemisconsulting.com
Targets
-
-
Target
eda2a3697b4e225f87d1b030dc3c44b0N.exe
-
Size
615KB
-
MD5
eda2a3697b4e225f87d1b030dc3c44b0
-
SHA1
7e7ac637c5e7e02983a3e4f986c672cf5296f884
-
SHA256
20c39a927f20f265fcb976c59701038dd425fd58cdd1cbab997038027d7e9265
-
SHA512
167e292c6ed7f819d12a085f693de07f496848e26396ac97ba22b0d9db4d08758fdcac1eedfd390dfef9b5eec4c00f15a951a891e918745a13de55529d996cef
-
SSDEEP
12288:NJDeM2fEkbEJjgRLDXpZd8i2V26gwaYyH/FazXqhp1jMSDukR:baZEkbxnXDY2wa9NgXa1jF
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-