General
Target: JaffaCakes118_82dd2bfd25a61da5662242efc077d1ac5994b4fadd3cb6c6d1668a5821db3840
Size: 845KB
Sample: 241224-xlsbkatqhx
MD5: 5e6ba6cfba4715b7e6b6f2d6c16d4e70
SHA1: 45a896925df7bf74eee41338050831b6446285fd
SHA256: 82dd2bfd25a61da5662242efc077d1ac5994b4fadd3cb6c6d1668a5821db3840
SHA512: c253cd06e3919d85b9730a40b3e7485e277760a51d988eaeb6dbc2cc545dc4ec749ef8c4389f6b60bb9c60713bcac468df461dc422e90c4848f125b372c72fdc
SSDEEP: 24576:UzQZ8SrPuBEBXmMXPTVBvsONO3qJuJIKUeKs+:U6yBEBrJqOguYKeKs
Static task: static1
Behavioral task: behavioral1
Sample: Santander confirming Aviso de pago 204563170sanlccjavap0003.exe
Resource: win7-20240903-en
Malware Config
Extracted config
Family: formbook
Version: 4.1
Campaign: jr22
Domains:
941zhe.com
lunarportal.space
xn--osmaniyeiek-t9ab.online
trejoscar.com
nrnursery.com
quizcannot.cfd
seedstockersthailand.com
watsonwindow.com
wjfholdings.com
weziclondon.com
naruot.xyz
yeji.plus
classicmenstore.com
oharatravel.com
therapyplankits.com
keviegreshonpt.com
qdlyner.com
seithupaarungal.com
casinorates.online
8ug4as.icu
foamyfallscarwash.com
padelfaculty.com
theenergysavingcentre.com
dorpp.com
scoresendirect.online
yuqintw.com
erenortopedi.com
skymagickey.com
infinitepuremind.com
watchtamilmovie.com
southplainsinsurance.net
intentionaldating.app
certaproarkansas.com
blidai.com
thehoneybeeworks.com
followplace.com
sipsterbyananeke.com
37300.uk
bluebirdbuyers.com
composewithme.com
moneymundo.com
daftarakun.xyz
samsonm.com
nurse-jobs-in-us-35896.com
cancerbloodspecialistsga.net
feelfeminineagain.com
residentialcaretraining.com
allprocleanouts.com
englishsongs.online
bookkeepingdeerfield.com
bendcollegeadvisor.com
boaiqixian.com
vixensgolfcarts.com
igarrido.net
rsconstructiontrading.com
lakewayturf.com
carelesstees.com
silviaheni.xyz
iaqieqq.com
campingspiel.com
diacute.com
thaigeneratortg.com
autoreenter.com
meclishaber.xyz
airbnbtransfers.com
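The extracted config above reaches an analyst as a flat list: family, version, campaign ID, then one domain per line. The Python below is an added example, not the sandbox's extractor or Formbook's own code. It parses that layout, decodes punycode labels (xn--osmaniyeiek-t9ab.online is an IDN and decodes to osmaniyeçiçek.online, the form seen in proxy or browser telemetry), tallies TLDs, and renders a Sigma-style DNS-query rule for hunting. The embedded config is a constructed excerpt of the list above, the RISKY_TLDS set is an analyst's own heuristic rather than any standard, and the Sigma fields are the usual ones for a dns_query logsource. One caveat worth keeping in mind: Formbook is known to pad its config with decoy domains, many of them legitimate sites, alongside the real C2, so a DNS hit on one of these is a hunting lead rather than a confirmed infection, and the whole list should not go to a blocklist unreviewed.

```python
"""Triage helper for an extracted Formbook config (added example; not sandbox or Formbook code).

Input is the report's flat layout: family, version, campaign, then one domain per line.
Output: decoded IDN hostnames, a TLD histogram, a list of domains on analyst-chosen TLDs,
and a Sigma-style DNS-query rule covering every domain in the config.
"""
import re
from collections import Counter

# Constructed excerpt of the extracted config, in the report's flattened layout.
SAMPLE_CONFIG = """formbook
4.1
jr22
941zhe.com
lunarportal.space
xn--osmaniyeiek-t9ab.online
quizcannot.cfd
8ug4as.icu
yeji.plus
"""

# Assumption: an analyst's own watch-list of TLDs, not a standard; tune per environment.
RISKY_TLDS = {"cfd", "icu", "xyz", "space", "online", "plus"}

# Hostname sanity check: dotted labels of [a-z0-9-], total length <= 253.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}$")


def parse_config(text):
    """Split the flat config into family/version/campaign and a lower-cased domain list."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if len(lines) < 4:
        raise ValueError("expected family, version, campaign and at least one domain")
    family, version, campaign, *domains = lines
    domains = [d.lower() for d in domains]
    bad = [d for d in domains if not DOMAIN_RE.match(d)]
    if bad:
        raise ValueError(f"not a hostname: {bad}")
    return {"family": family, "version": version, "campaign": campaign, "domains": domains}


def decode_idn(domain):
    """Return the Unicode form of a punycode hostname (unchanged if it has no xn-- label)."""
    if "xn--" not in domain:
        return domain
    # The idna codec decodes label by label and verifies the label round-trips.
    return domain.encode("ascii").decode("idna")


def tld_histogram(domains):
    """Count domains per top-level domain; unusual TLD clusters stand out here."""
    return Counter(d.rsplit(".", 1)[-1] for d in domains)


def flag_risky(domains):
    """Domains whose TLD is on the analyst watch-list (a prioritisation aid, not a verdict)."""
    return [d for d in domains if d.rsplit(".", 1)[-1] in RISKY_TLDS]


def sigma_rule(cfg):
    """Render a Sigma DNS-query rule (no rule id assigned) that matches any config domain."""
    lines = [
        "title: Formbook C2/decoy domain lookup",
        f"description: Domains from a {cfg['family']} {cfg['version']} config, campaign {cfg['campaign']}",
        "logsource:", "  category: dns_query", "  product: windows",
        "detection:", "  selection:", "    QueryName:",
    ]
    lines += [f"      - '{d}'" for d in cfg["domains"]]
    lines += ["  condition: selection", "level: high"]
    return "\n".join(lines)


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for d in cfg["domains"]:
        print(f"{d:32} -> {decode_idn(d)}")
    print(dict(tld_histogram(cfg["domains"])))
    print("watch-list TLDs:", flag_risky(cfg["domains"]))
    print(sigma_rule(cfg))
```

To run it on the full config from this report, paste the three header lines and the domain list into SAMPLE_CONFIG; the parser rejects anything that is not a hostname, which catches stray extraction residue before it ends up in a rule.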
Targets
Target: Santander confirming Aviso de pago 204563170sanlccjavap0003.exe
Size: 1.0MB
MD5: e5642a38bb30edfbcbe6a6310a957947
SHA1: ccaaf390759ed34d4ac19845c3ec7b36d9c71596
SHA256: fae26e4e053e961e5915ce5c4f61fc17ef33ca7252b0bfeb253cd3f15a2014cd
SHA512: 8981e5e999a41a01237bea5715df1180995438851d1838ea8d76ce02b38b9ab3933b5f60c16750437e0bf420bf6b4dbdb73a5cbace48b12a4a97c0825b42d737
SSDEEP: 24576:kqqo1m20WeUUidksW25gr4sgoSZMKLdba7AuuzXdLd+Epw:kqZg2ZjgVBwdWMNzf+Epw
Signatures
Formbook family
Formbook payload
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext (commonly used to point a thread in another process at injected code)
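The three behavioural signatures above, turned into detection logic. This is an added example, not the sandbox's signature engine or Formbook's code: it runs three rules over constructed, report-style event records (PowerShell script-block text, a registry read, and API calls with caller and target process). The event field names and all sample values are this example's own assumptions. On a live Windows host the equivalent telemetry is PowerShell script block logging (Event ID 4104) for the Add-MpPreference call, the Windows Defender operational log (Event ID 5007, configuration changed) for the resulting exclusion, and an EDR's API trace for SetThreadContext; Sysmon records registry writes but not reads, so the geofence lookup is a sandbox or API-trace observation only.

```python
"""Toy detection pass for the three flagged behaviours (added example; not sandbox code).

Rules:
  1. Defender exclusions added via PowerShell  (Add-/Set-MpPreference -Exclusion*)
  2. geofence lookup                            (registry read of Control Panel\\International\\Geo)
  3. cross-process SetThreadContext             (thread context rewritten in another process)
Field names and sample events are this example's own, not the sandbox's schema.
"""
import re

# Constructed events, loosely modelled on what a sandbox or EDR records.
EVENTS = [
    {"type": "script_block", "pid": 1337, "text":
     "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' -ExclusionExtension 'exe' -ExclusionProcess 'svchost.exe'"},
    {"type": "registry_read", "pid": 1337,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "api_call", "pid": 1337, "api": "SetThreadContext", "target_pid": 2048},
    {"type": "api_call", "pid": 1337, "api": "SetThreadContext", "target_pid": 1337},
    {"type": "script_block", "pid": 4242, "text": "Get-MpPreference | Select ExclusionPath"},
]

# Rule 1: exclusion changes; reads (Get-MpPreference) are benign and must not match.
EXCLUSION_RE = re.compile(r"(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\b", re.I)
EXCLUSION_KIND_RE = re.compile(r"-Exclusion(Path|Extension|Process)", re.I)

# Rule 2: registry values that hold the configured country (GeoID / region name).
GEO_KEYS = {r"hkcu\control panel\international\geo": {"nation", "name"}}

# Rule 3: thread-context APIs that are suspicious when aimed at another process.
INJECTION_APIS = {"SetThreadContext", "NtSetContextThread"}


def rule_defender_exclusion(ev):
    """Hit when a script block adds or sets a Defender exclusion; reports which kinds."""
    if ev["type"] != "script_block" or not EXCLUSION_RE.search(ev["text"]):
        return None
    kinds = {k.lower() for k in EXCLUSION_KIND_RE.findall(ev["text"])}
    return {"rule": "defender_exclusion", "pid": ev["pid"], "kinds": sorted(kinds)}


def rule_geofence(ev):
    """Hit when a process reads the country/region value under the Geo key."""
    if ev["type"] != "registry_read":
        return None
    allowed = GEO_KEYS.get(ev["key"].lower())
    if allowed and ev["value"].lower() in allowed:
        return {"rule": "geofence_lookup", "pid": ev["pid"], "value": ev["value"]}
    return None


def rule_thread_context(ev):
    """Hit on SetThreadContext against a different process; same-process use is ignored."""
    if ev["type"] != "api_call" or ev["api"] not in INJECTION_APIS:
        return None
    if ev["target_pid"] == ev["pid"]:
        return None  # own-process use is common (exception handling, debuggers)
    return {"rule": "cross_process_setthreadcontext", "pid": ev["pid"],
            "target_pid": ev["target_pid"]}


RULES = (rule_defender_exclusion, rule_geofence, rule_thread_context)


def triage(events):
    """Apply every rule to every event and collect the hits in event order."""
    hits = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                hits.append(hit)
    return hits


def verdict(hits, threshold=2):
    """Count distinct rules fired; evasion plus injection together is a strong signal."""
    fired = sorted({h["rule"] for h in hits})
    return ("suspicious" if len(fired) >= threshold else "inconclusive"), fired


if __name__ == "__main__":
    found = triage(EVENTS)
    for h in found:
        print(h)
    print(verdict(found))
```

The same-process exclusion in rule 3 is the part that matters in practice: SetThreadContext is used legitimately inside a process by exception handlers and debuggers, so a rule that fires on every call drowns the injection case the signature is about.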