General
Target: e7392c3db5bcda2a21a94614bdc05fb13f7ebd4d141ce80e82f87f7455bf79cf
Size: 546KB
Sample: 241108-cbebqsvnfl
MD5: dd4d11d99ea3ab4bc3c9c6ba3921807e
SHA1: 9b781ee0138c7a2a97e5f0a90cd88aa82569c307
SHA256: e7392c3db5bcda2a21a94614bdc05fb13f7ebd4d141ce80e82f87f7455bf79cf
SHA512: bc60caec46d66ca3fd5148ce3c9951a2549d5df0750faba31ca009960a4228f0d298709726a848c600a983a9c3be612c2de4a502ea197973008ca9a981ae7913
SSDEEP: 12288:zxp2ZyZOl9+enW5rIdjmnxrM7qPl6g0E3LeAuU:zTKycllcrIdCnmyl6h+uU
Static task: static1
Behavioral task: behavioral1
Sample: 8f61fd5ce3c2fa9186c75e703ce9e38d66538b9fe2214dd78d2df4c2c7cbda1b.exe
Resource: win7-20240903-en
Malware Config
Extracted
formbook
4.1
o17i
chocolatebarreview.com
fetch-a-trabajos-canada.info
expresspestcontrol.net
tractionx.co.uk
vitalassetsecurity.com
lahtawine.ru
firedamagereports.com
bentzenphotography.com
digitalworkforces.com
divnoe.online
efefbig.buzz
melhardy.co.uk
igorsolutions.com
developmentszhuiservice.com
fookspace.com
kredaroo.com
4zpm.xyz
kycecat.cfd
singingriverhomeimprovement.com
bils.store
abvqwrtqwt.com
agenciaibdig.online
azsxslife.com
deadstar.cloud
dralexisdvm.com
investea.uk
lovemichigancity.com
imcas.academy
cicero.store
handgab.com
femalefinancialcollective.com
fullblu.com
betonbajas.info
olawaleojewumi.africa
chrissyadamsrealestate.com
kx1898.com
efefcoal.buzz
cartec-2023.com
laptops-67575.com
gadexperts.com
clients-web.com
wwwinterbahis1075.com
locvu.xyz
ctjh0p9.vip
loyaltysouls.com
gction.online
funerverso.net
chargingpiles.shop
gyekkh.cfd
38jsz.com
drdoctormedia.com
732694.com
usapaperballot.com
apexbiomedicaltech.com
knowchaos.com
shaedonaldson.net
76999.biz
doitalllandscapingllc.com
compts.top
fuelforhealth.se
gofundhouse.com
vapecanal.co.uk
furniturecomponent.asia
searo.co.uk
internet-providers-45067.com
Targets
Target: 8f61fd5ce3c2fa9186c75e703ce9e38d66538b9fe2214dd78d2df4c2c7cbda1b.exe
Size: 771KB
MD5: a6718dd552a34001f40ced365b16d1ee
SHA1: f40747dd6f9bd62751bc2b9734dd5bbe8e92723a
SHA256: 8f61fd5ce3c2fa9186c75e703ce9e38d66538b9fe2214dd78d2df4c2c7cbda1b
SHA512: fbca66394755bf974e7abe6f215048e7f19ae2b9630036e0e04fc2e420332f2f40f84de4dfb78b65c41f9855dd3963513efad1395a5cfaf73616a0dfeff9ddf5
SSDEEP: 12288:RblmTdKCcfCQtVKr2hXFn+8WnTN77B2qjsH0y:xlmAdE291+86d
- Formbook family
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext