General
-
Target
4666a51c6fef5c674a2f9596f5dfc485d0ed15646c1009ae3b586ddc78ed0910.exe
-
Size
646KB
-
Sample
250111-dlln8s1jdt
-
MD5
ac22c06dc5935fa505a8a22b0dfb11fc
-
SHA1
373930e97a443221ac51cbbe5619d756d5d1d178
-
SHA256
4666a51c6fef5c674a2f9596f5dfc485d0ed15646c1009ae3b586ddc78ed0910
-
SHA512
2d7352923c4c93890e2501b093a5713021b4fcda14b95bceff3dd94a6f4c551dfca50ca5fd217c03460b14303ccb436aed49f0ebfe9f7d5dc52ae26c796a9012
-
SSDEEP
12288:iul9Z7a0GM4Rb9So1JELBYaKMwHI/IZ5/tAV2tYUjPtfRXPjvFqpp:rawLAIQZ4VMF1RXPjtqX
Malware Config
Extracted
formbook
4.1
a02d
coplus.market
oofing-jobs-74429.bond
healchemists.xyz
oofcarpenternearme-jp.xyz
enewebsolutions.online
harepoint.legal
88977.club
omptables.xyz
eat-pumps-31610.bond
endown.graphics
amsexgirls.website
ovevibes.xyz
u-thiensu.online
yblinds.xyz
rumpchiefofstaff.store
erzog.fun
rrm.lat
agiclime.pro
agaviet59.shop
lbdoanhnhan.net
Targets
-
-
Target
4666a51c6fef5c674a2f9596f5dfc485d0ed15646c1009ae3b586ddc78ed0910.exe
-
Size
646KB
-
MD5
ac22c06dc5935fa505a8a22b0dfb11fc
-
SHA1
373930e97a443221ac51cbbe5619d756d5d1d178
-
SHA256
4666a51c6fef5c674a2f9596f5dfc485d0ed15646c1009ae3b586ddc78ed0910
-
SHA512
2d7352923c4c93890e2501b093a5713021b4fcda14b95bceff3dd94a6f4c551dfca50ca5fd217c03460b14303ccb436aed49f0ebfe9f7d5dc52ae26c796a9012
-
SSDEEP
12288:iul9Z7a0GM4Rb9So1JELBYaKMwHI/IZ5/tAV2tYUjPtfRXPjvFqpp:rawLAIQZ4VMF1RXPjtqX
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-