General
Target: JaffaCakes118_477ddc74e2ba9f90e99a065bd29df9304d4cfb94c80a2522d5e52b88091d0a42
Size: 1016KB
Sample: 241224-1apcbaxphs
MD5: d84f2c40842eb1cba81da621e5a07d04
SHA1: ec67e1850e3ac6051b3daceb1dda1995d577e2e3
SHA256: 477ddc74e2ba9f90e99a065bd29df9304d4cfb94c80a2522d5e52b88091d0a42
SHA512: ca4a9835532263f8e15dc83fc137df0c6b42eedc0c67fba0f7a6c73444879a5308b237becbfb876d756a691dc79af3767fb10a6d72913055da6f13f4a9a6a74f
SSDEEP: 24576:E2UB/J/y2zdvvD7DY0Z3+NHCRwj5/1LfjctyAOfJ41JQ8k:Iha2xT5Z3+xLj5NclOR41Cd
Static task: static1
Behavioral task: behavioral1
Sample: uALWGsOK8vuuevn.exe
Resource: win7-20241010-en
Malware Config
Extracted: formbook 4.1 (csn6)
Targets
Target: uALWGsOK8vuuevn.exe
Size: 1.0MB
MD5: d76584afeaeb9111b312ca870ea94f52
SHA1: a428a457514fc6ad0426e983d646b554050e8176
SHA256: 273481ccb3fe3c8f7d756a02fb9ddfcdf36a7e8a65abdc3dc66abf7546e701ef
SHA512: 1166b92986d093f0a2ac189bb09c1ceec63bd229a18044c4d196b711e21e159fd178cf170db72d510e45ca2da5fdd7ffb854ba76a0d13d7790b6ba1329403ca4
SSDEEP: 24576:iH8WY71q/qeY38csNmg8pGPYlv89bEzj/AT1qy21:0a1qUMLNwpl89ybGs
- Formbook family
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Suspicious use of SetThreadContext