General
-
Target
2817a9a6fc061c9f8e6e7c341b778b403ceaeb439cb8e40760c908ada5c323cd.exe
-
Size
764KB
-
Sample
241205-s8rw4axkep
-
MD5
1d278e311f71d28a7b468c9e8c42d3e8
-
SHA1
9deb9da31e00f63d2a607d717c26a3d29e1ded5f
-
SHA256
2817a9a6fc061c9f8e6e7c341b778b403ceaeb439cb8e40760c908ada5c323cd
-
SHA512
2c994e0637a9a0ed662f65a8316aee8c8d781f5770090e4bb6e35315dc9f042cb4f712fbe7a809424ad9391299beec23dfccf010d55d063186485af49b3f813f
-
SSDEEP
12288:vcmEZ3bkiEWVZ25bNMHWQLElf7MIboj2buIVToTX6PUVgIGi7TykR:vEtBEWVE5GHWQLEl+2t0TqUVgK
Malware Config
Extracted
formbook
4.1
rn94
st68v.xyz
conciergenotary.net
qwechaotk.top
rtpdonatoto29.xyz
8ad.xyz
powermove.top
cameras-30514.bond
vanguardcoffee.shop
umoe53fxc1bsujv.buzz
consultoriamax.net
hplxx.com
ndu.wtf
yzh478c.xyz
bigbrown999.site
xiake07.asia
resdai.xyz
the35678.shop
ba6rf.rest
ceo688.com
phimxhot.xyz
Targets
-
-
Target
2817a9a6fc061c9f8e6e7c341b778b403ceaeb439cb8e40760c908ada5c323cd.exe
-
Size
764KB
-
MD5
1d278e311f71d28a7b468c9e8c42d3e8
-
SHA1
9deb9da31e00f63d2a607d717c26a3d29e1ded5f
-
SHA256
2817a9a6fc061c9f8e6e7c341b778b403ceaeb439cb8e40760c908ada5c323cd
-
SHA512
2c994e0637a9a0ed662f65a8316aee8c8d781f5770090e4bb6e35315dc9f042cb4f712fbe7a809424ad9391299beec23dfccf010d55d063186485af49b3f813f
-
SSDEEP
12288:vcmEZ3bkiEWVZ25bNMHWQLElf7MIboj2buIVToTX6PUVgIGi7TykR:vEtBEWVE5GHWQLEl+2t0TqUVgK
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-