General
-
Target
5aec55bf10e81eaddb865b7a91339e137b25b681a768caa914c608d3cdf51449
-
Size
724KB
-
Sample
241105-sp8qhathpl
-
MD5
fc28202d3482b050d95e52ebcb8f29f1
-
SHA1
a48ded154889d64e949092313fb01268123fc81b
-
SHA256
5aec55bf10e81eaddb865b7a91339e137b25b681a768caa914c608d3cdf51449
-
SHA512
587da4cb23d73eea596cbd7aa929441f48fee49eb51d29ffdfc4bea2ca7d8de6d2781f74621554dfc5ae08f90caeb47c93205562d9b33c7d587d43b72cd2d5a3
-
SSDEEP
12288:bM3ZJglIWeQhes2sqnEDOKDVlN16OAlo5bCBreJCOgdfN/ZnLiPp:IAZhes2RnE7D3TxT5beEgd1/Zu
Malware Config
Extracted
formbook
4.1
rp26
rn3grmg9.sbs
4644.one
18tbo.com
c9max.shop
8914.loan
eptacore.xyz
ormto.website
vcreative.store
anglaoshi13.buzz
ewa123.bid
vantiverdeoficial.shop
sik89starwin.fun
niquestorebd.xyz
assword-manager-41452.bond
uccessproit.shop
kl1tuvy0.asia
titchinheavenqs.shop
w178.top
errari-mieten-dubai.click
ba-103mu.net
Targets
-
-
Target
5aec55bf10e81eaddb865b7a91339e137b25b681a768caa914c608d3cdf51449
-
Size
724KB
-
MD5
fc28202d3482b050d95e52ebcb8f29f1
-
SHA1
a48ded154889d64e949092313fb01268123fc81b
-
SHA256
5aec55bf10e81eaddb865b7a91339e137b25b681a768caa914c608d3cdf51449
-
SHA512
587da4cb23d73eea596cbd7aa929441f48fee49eb51d29ffdfc4bea2ca7d8de6d2781f74621554dfc5ae08f90caeb47c93205562d9b33c7d587d43b72cd2d5a3
-
SSDEEP
12288:bM3ZJglIWeQhes2sqnEDOKDVlN16OAlo5bCBreJCOgdfN/ZnLiPp:IAZhes2RnE7D3TxT5beEgd1/Zu
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-