General
-
Target
f6f8e9f276a4246055e3bdc46ad1276ef453cbf6d6e8affe67127ea0099bece8
-
Size
692KB
-
Sample
241203-q7d8hayjcy
-
MD5
6d137688fd296841b3f9e6b5df57a0fe
-
SHA1
8734f0b46d14f1af7b78d216ec4c120d87b8a636
-
SHA256
f6f8e9f276a4246055e3bdc46ad1276ef453cbf6d6e8affe67127ea0099bece8
-
SHA512
dd9706e44a2930959322ad9429fb9155f2b3755c8a1b8d7440e442f754c9082475e096cf4ffc05d039f5c3eff9dca43e2fd826a636d8a46dad61ec049d487439
-
SSDEEP
12288:fRwEIR4R52J+XtCKSX0YxwIPYRPXrmoEDK1vzXYlznMriukrrZIR:fRwEIeevKA0KwIPYd7mopslBI
Malware Config
Extracted
formbook
4.1
bc01
epatitis-treatment-26155.bond
52cy67sk.bond
nline-degree-6987776.world
ingxingdiandeng-2033.top
mberbreeze.cyou
48xc300mw.autos
obs-for-seniors-39582.bond
tpetersburg-3-tonn.online
egafon-parser.online
172jh.shop
ltraman.pro
bqfhnys.shop
ntercash24-cad.homes
uhtwister.cloud
alk-in-tubs-27353.bond
ucas-saaad.buzz
oko.events
8080713.xyz
refabricated-homes-74404.bond
inaa.boo
Targets
-
-
Target
f6f8e9f276a4246055e3bdc46ad1276ef453cbf6d6e8affe67127ea0099bece8
-
Size
692KB
-
MD5
6d137688fd296841b3f9e6b5df57a0fe
-
SHA1
8734f0b46d14f1af7b78d216ec4c120d87b8a636
-
SHA256
f6f8e9f276a4246055e3bdc46ad1276ef453cbf6d6e8affe67127ea0099bece8
-
SHA512
dd9706e44a2930959322ad9429fb9155f2b3755c8a1b8d7440e442f754c9082475e096cf4ffc05d039f5c3eff9dca43e2fd826a636d8a46dad61ec049d487439
-
SSDEEP
12288:fRwEIR4R52J+XtCKSX0YxwIPYRPXrmoEDK1vzXYlznMriukrrZIR:fRwEIeevKA0KwIPYd7mopslBI
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-