General
-
Target
eb9de075c6c5ac3dae5ec163fe9d8abeccf9edc3bdeed05364dcacf64c9550d2.exe
-
Size
637KB
-
Sample
240905-cbwwsa1cmj
-
MD5
d44cbc7808ef4ca0e9007ed7812ac54c
-
SHA1
3562886c50d64e72079e0bad936c065027acb6f1
-
SHA256
eb9de075c6c5ac3dae5ec163fe9d8abeccf9edc3bdeed05364dcacf64c9550d2
-
SHA512
6c256b5c66177a5dee6bc769c8fa782834feefdc584beeb503f89e0cedbc23a88dd98976774f0839765efeb137b1a87ffb71ff36659e560777f33601340816f4
-
SSDEEP
12288:WdwwoIc0QIH2j0ocLX6NBxa3+SYOhAbp8FCTzcDxuN+wsv5/s2cxkOxW/t+BA:WywoIc0QIH2EiBcPQTTzIuN+vv5ixW/e
Malware Config
Extracted
formbook
4.1
by21
digitalillusions.net
changeblue25.com
kitchenwoow.com
grupocontigoalimentacion.com
iranabr.com
embodiedmagic.com
superstoreszone.com
apartments-for-rent-46883.bond
kelbagnole.com
rideskratchlab.com
a06kng.club
saddlebredallstars.xyz
filepd.com
kxetdf.asia
dl39yy.com
jackedsearch.com
exodusprofessionaldetailing.com
ecommerce-40144.bond
uh3b94g3pyczi9t.skin
dcmcc635i.xyz
Targets
-
-
Target
eb9de075c6c5ac3dae5ec163fe9d8abeccf9edc3bdeed05364dcacf64c9550d2.exe
-
Size
637KB
-
MD5
d44cbc7808ef4ca0e9007ed7812ac54c
-
SHA1
3562886c50d64e72079e0bad936c065027acb6f1
-
SHA256
eb9de075c6c5ac3dae5ec163fe9d8abeccf9edc3bdeed05364dcacf64c9550d2
-
SHA512
6c256b5c66177a5dee6bc769c8fa782834feefdc584beeb503f89e0cedbc23a88dd98976774f0839765efeb137b1a87ffb71ff36659e560777f33601340816f4
-
SSDEEP
12288:WdwwoIc0QIH2j0ocLX6NBxa3+SYOhAbp8FCTzcDxuN+wsv5/s2cxkOxW/t+BA:WywoIc0QIH2EiBcPQTTzIuN+vv5ixW/e
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-