General
-
Target
58dfe85f084bedbc1861ed4afada8f0e284a70e10c84065cc6df13adc9fb45db.exe
-
Size
690KB
-
Sample
250114-c25xdawqgm
-
MD5
40a0efae53cd30740fd47e5f79a46eae
-
SHA1
2ea4625d31a8c4fa8e6c9b3bc4abecc6341fe788
-
SHA256
58dfe85f084bedbc1861ed4afada8f0e284a70e10c84065cc6df13adc9fb45db
-
SHA512
0caabef7ce39f1d2fb4f21c7cf8f59da389babc1f590910ea85c8b5a4d28e40a572802ffdf55eef95d4c41999150a777b55825056b3b8d7bf744cb567fbee1e0
-
SSDEEP
12288:Qiv1uq3JfXyN9u9A0NAUFE/P37NfmAl12tZ9uLUxL7HNHJTs/m:RNuqfC/unmUQ7NpqLB
Malware Config
Extracted
formbook
4.1
a02d
coplus.market
oofing-jobs-74429.bond
healchemists.xyz
oofcarpenternearme-jp.xyz
enewebsolutions.online
harepoint.legal
88977.club
omptables.xyz
eat-pumps-31610.bond
endown.graphics
amsexgirls.website
ovevibes.xyz
u-thiensu.online
yblinds.xyz
rumpchiefofstaff.store
erzog.fun
rrm.lat
agiclime.pro
agaviet59.shop
lbdoanhnhan.net
Targets
-
-
Target
58dfe85f084bedbc1861ed4afada8f0e284a70e10c84065cc6df13adc9fb45db.exe
-
Size
690KB
-
MD5
40a0efae53cd30740fd47e5f79a46eae
-
SHA1
2ea4625d31a8c4fa8e6c9b3bc4abecc6341fe788
-
SHA256
58dfe85f084bedbc1861ed4afada8f0e284a70e10c84065cc6df13adc9fb45db
-
SHA512
0caabef7ce39f1d2fb4f21c7cf8f59da389babc1f590910ea85c8b5a4d28e40a572802ffdf55eef95d4c41999150a777b55825056b3b8d7bf744cb567fbee1e0
-
SSDEEP
12288:Qiv1uq3JfXyN9u9A0NAUFE/P37NfmAl12tZ9uLUxL7HNHJTs/m:RNuqfC/unmUQ7NpqLB
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-