General
-
Target
eccd7dfeb19b4548dfef20db82d8b1e1.exe
-
Size
599KB
-
Sample
240926-jlehtaybka
-
MD5
eccd7dfeb19b4548dfef20db82d8b1e1
-
SHA1
83d90a828103c1d5d256749faf1c031203460949
-
SHA256
9a9381dbc7eea48c1a098e0b4d8432dc615b4f41ed697369f22833d8ceef9e9c
-
SHA512
365ec5386ad8d74a27eacfcdd91f3e74d13b84de456b97301f7a9504cac172d39f96994cd443f8b998963cf3f26425e42e6abec4d8743bb41da6e1f03bf6bd31
-
SSDEEP
12288:aB++PWUxinECnya0J4x04YaX8x+d0gsej4caNyEKaDBT5aba8VdtTJs:aB++OVxyMu4Ogd5cca4haCI
Malware Config
Extracted
formbook
4.1
btrd
everslane.com
prairieviewelectric.online
dszvhgd.com
papamuch.com
8129k.vip
jeffreestar.gold
bestguestrentals.com
nvzhuang1.net
anangtoto.com
yxfgor.top
practicalpoppers.com
thebestanglephotography.online
koormm.top
criika.net
audioflow.online
380747.net
jiuguanwang.net
bloxequities.com
v321c.com
sugar.monster
Targets
-
-
Target
eccd7dfeb19b4548dfef20db82d8b1e1.exe
-
Size
599KB
-
MD5
eccd7dfeb19b4548dfef20db82d8b1e1
-
SHA1
83d90a828103c1d5d256749faf1c031203460949
-
SHA256
9a9381dbc7eea48c1a098e0b4d8432dc615b4f41ed697369f22833d8ceef9e9c
-
SHA512
365ec5386ad8d74a27eacfcdd91f3e74d13b84de456b97301f7a9504cac172d39f96994cd443f8b998963cf3f26425e42e6abec4d8743bb41da6e1f03bf6bd31
-
SSDEEP
12288:aB++PWUxinECnya0J4x04YaX8x+d0gsej4caNyEKaDBT5aba8VdtTJs:aB++OVxyMu4Ogd5cca4haCI
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-