General
-
Target
00a3968fb3a696b1b727946dea0df4cee56e6ad24c3db208055bd31acf434bfe
-
Size
630KB
-
Sample
241007-gn6zqstcke
-
MD5
320a3c5ca12dffb28041bce5dcfd794c
-
SHA1
fbfdb9d1d71792f7b5e84aa1648f71ba69fcf26e
-
SHA256
00a3968fb3a696b1b727946dea0df4cee56e6ad24c3db208055bd31acf434bfe
-
SHA512
e2d076b30ec88a5d5200bbe3924c87ba011ff3bcf1d2883f4826e23ec80623ffaefecb3cc3c716f9f2b65eef59bedbcdd0a6cf7411d0d86c9224e951eae5ad3f
-
SSDEEP
12288:rGf28N0zYcjYC1wjfkZYDt3AgI6E+EefkPlCentYDFLDA+HG7isZ:rU28upYC1StA+t89Cer+H8Z
Malware Config
Extracted
formbook
4.1
c24t
ealthbridgeccs.online
ngelicais.art
uktuksu1.sbs
fapoker.asia
hecreature.tech
orenzoplaybest14.xyz
op-smartphones-deal.today
delark.click
7395.asia
otnews.cfd
j16e.xyz
oko.events
fscxb.top
roudtxliberals.vote
asas-br.bond
ourhealthyourlife.shop
fbpd.top
j9u9.xyz
uijiuw.top
aming-chair-37588.bond
Targets
-
-
Target
RFQ - 401.exe
-
Size
697KB
-
MD5
4be29153bc863fa6d2914aab9759e6aa
-
SHA1
eb30dab7d18b7bbf2673573cc96da82f6374d85b
-
SHA256
ffaa78a8a97885716e7dbe2a4a7ed9e1593ea5690f02f79f5d63c9b4964559da
-
SHA512
f3b861ecec9500c4ef20a4750c78b7505d42be16a9bfc3473fd8270720409a7a331af4d423f7bffc3065873a654a23370ebc229ecbfad591dae5dbf2239a9e29
-
SSDEEP
12288:P1A+f0e7eDuu9f8ZYDrQ1I6030Ro1JPCnW3tQsBRwdFKPQhilBr4E1Pm6/cOkR:Prx4rb30RovKW3rReFSQIv1Q6/u
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-