General
-
Target
f228af74ecf7302bb5e8d9ce8060a9aa3fc2bd583bd477e23543452cf1cebad6.exe
-
Size
584KB
-
Sample
241203-rbjnsatnel
-
MD5
45209596ce41c4359e9006a940042763
-
SHA1
8559b5a187ee146a869301e5c0fb23a5c4510772
-
SHA256
f228af74ecf7302bb5e8d9ce8060a9aa3fc2bd583bd477e23543452cf1cebad6
-
SHA512
16828ed08e983b6fc1fce972ccfcea10dd0dccbf67602557b7071802d0f01e4754a63284ea05a9798cf7c8784d663ddc9d51fd601fe6f7b4407714b6bc3b1c39
-
SSDEEP
12288:VndZauZt06GQyWgYOsmLzFcWMphB2/VawLTl761wXK7WqpyK:5dZauZtP1VOsmLJcWMphQrHg870yK
Malware Config
Extracted
formbook
4.1
gy15
hairsdeals.today
acob-saaad.buzz
9955.club
gild6222.vip
nline-shopping-56055.bond
lmadulles.top
utemodels.info
ighdd4675.online
nqqkk146.xyz
avasales.online
ortas-de-madeira.today
haad.xyz
races-dental-splints-15439.bond
hilohcreekpemf.online
rrivalgetaways.info
orktoday-2507-02-sap.click
eceriyayinlari.xyz
lsurfer.click
aston-saaae.buzz
etrot.pro
Targets
-
-
Target
f228af74ecf7302bb5e8d9ce8060a9aa3fc2bd583bd477e23543452cf1cebad6.exe
-
Size
584KB
-
MD5
45209596ce41c4359e9006a940042763
-
SHA1
8559b5a187ee146a869301e5c0fb23a5c4510772
-
SHA256
f228af74ecf7302bb5e8d9ce8060a9aa3fc2bd583bd477e23543452cf1cebad6
-
SHA512
16828ed08e983b6fc1fce972ccfcea10dd0dccbf67602557b7071802d0f01e4754a63284ea05a9798cf7c8784d663ddc9d51fd601fe6f7b4407714b6bc3b1c39
-
SSDEEP
12288:VndZauZt06GQyWgYOsmLzFcWMphB2/VawLTl761wXK7WqpyK:5dZauZtP1VOsmLJcWMphQrHg870yK
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-