General
-
Target
e69d37275cc3b52a9d3a26f76073191ab8f59901781b5ef2859f33dee2252ddc.exe
-
Size
724KB
-
Sample
250116-d7esta1nfp
-
MD5
595417bf40423929716d259aa6151e68
-
SHA1
3adf3f7db8401715e7b73c50e1feee8b034b2f88
-
SHA256
e69d37275cc3b52a9d3a26f76073191ab8f59901781b5ef2859f33dee2252ddc
-
SHA512
03122a9d4fa3b0426d3e10bb1700c6060300b391fd1fb49242c694485a753dc7e6a5d5edc9147f469774b04f3444bf77a3ebe930c68275456309b99ca50a1f60
-
SSDEEP
12288:sbnXloJNhQ/cWS7stu8HP1RhXtriB5VIenigsc5YK9ygCvSDH6Way22keYeJa9:eiJN+UVsw2P3tcnRYK6SDh4eE
Malware Config
Extracted
formbook
4.1
a02d
coplus.market
oofing-jobs-74429.bond
healchemists.xyz
oofcarpenternearme-jp.xyz
enewebsolutions.online
harepoint.legal
88977.club
omptables.xyz
eat-pumps-31610.bond
endown.graphics
amsexgirls.website
ovevibes.xyz
u-thiensu.online
yblinds.xyz
rumpchiefofstaff.store
erzog.fun
rrm.lat
agiclime.pro
agaviet59.shop
lbdoanhnhan.net
Targets
-
-
Target
e69d37275cc3b52a9d3a26f76073191ab8f59901781b5ef2859f33dee2252ddc.exe
-
Size
724KB
-
MD5
595417bf40423929716d259aa6151e68
-
SHA1
3adf3f7db8401715e7b73c50e1feee8b034b2f88
-
SHA256
e69d37275cc3b52a9d3a26f76073191ab8f59901781b5ef2859f33dee2252ddc
-
SHA512
03122a9d4fa3b0426d3e10bb1700c6060300b391fd1fb49242c694485a753dc7e6a5d5edc9147f469774b04f3444bf77a3ebe930c68275456309b99ca50a1f60
-
SSDEEP
12288:sbnXloJNhQ/cWS7stu8HP1RhXtriB5VIenigsc5YK9ygCvSDH6Way22keYeJa9:eiJN+UVsw2P3tcnRYK6SDh4eE
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-