General
-
Target
a3af3dcfd89b655982b6e044b681b140dcefbe0606d69b0b7839b8cda28ccc91.exe
-
Size
650KB
-
Sample
250115-dmbwesymg1
-
MD5
1b507df9a13477b647da450a1b79b2e7
-
SHA1
b0de85855b3462fe0b37c79831b391eeb044e437
-
SHA256
a3af3dcfd89b655982b6e044b681b140dcefbe0606d69b0b7839b8cda28ccc91
-
SHA512
37dcc8dd92a84009f81ebf394001de49bcf75818227bdbe135578f8f1dc57f4119c4cb6efd91ec70fe12202854ca472ec7435d3c0f713bf770f09967d61fe6a7
-
SSDEEP
12288:kYRxA4Y5lyA/BxSPC3NMl2v/wXb5DDH6dcW6f8HtdJqT6B2zJxWVqHU:bRB2XM5UN60STUAJE
Malware Config
Extracted
formbook
4.1
a01d
eniorshousing05.shop
rywisevas.biz
4726.pizza
itchen-design-42093.bond
3456.tech
4825.plus
nlinecraps.xyz
itamins-52836.bond
nfluencer-marketing-40442.bond
nline-advertising-58573.bond
rautogroups.net
limbtrip.net
oftware-download-14501.bond
nline-advertising-66733.bond
erity.xyz
xknrksi.icu
x-ist.club
yber-security-26409.bond
oincatch.xyz
onitoring-devices-34077.bond
Targets
-
-
Target
a3af3dcfd89b655982b6e044b681b140dcefbe0606d69b0b7839b8cda28ccc91.exe
-
Size
650KB
-
MD5
1b507df9a13477b647da450a1b79b2e7
-
SHA1
b0de85855b3462fe0b37c79831b391eeb044e437
-
SHA256
a3af3dcfd89b655982b6e044b681b140dcefbe0606d69b0b7839b8cda28ccc91
-
SHA512
37dcc8dd92a84009f81ebf394001de49bcf75818227bdbe135578f8f1dc57f4119c4cb6efd91ec70fe12202854ca472ec7435d3c0f713bf770f09967d61fe6a7
-
SSDEEP
12288:kYRxA4Y5lyA/BxSPC3NMl2v/wXb5DDH6dcW6f8HtdJqT6B2zJxWVqHU:bRB2XM5UN60STUAJE
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-