General
-
Target
0198cc6636a1c05da00eb7457f498c6e1743fe0a9e3d50fc106621f862bf04dd.exe
-
Size
720KB
-
Sample
250117-ey2fwsspap
-
MD5
7b0fe6381be15f90bf9cd16adc67e332
-
SHA1
11ea9024f45bbd7a37791e9f23ee96de23655cd3
-
SHA256
0198cc6636a1c05da00eb7457f498c6e1743fe0a9e3d50fc106621f862bf04dd
-
SHA512
5fba23ff4057550e94974b0a995c07d1093ba91ba53abbee940c6af1e8e2d31858d85e7baf2d830e44859aaaa900d4c91246d2c3d5f553b3c41dbf5545428221
-
SSDEEP
12288:+8lWXV7OuHmoCdeRMBvhTb/EEK1KUMsFP+WZWM7vop:WObyMBRz21K/waM7vg
Malware Config
Extracted
formbook
4.1
a01d
eniorshousing05.shop
rywisevas.biz
4726.pizza
itchen-design-42093.bond
3456.tech
4825.plus
nlinecraps.xyz
itamins-52836.bond
nfluencer-marketing-40442.bond
nline-advertising-58573.bond
rautogroups.net
limbtrip.net
oftware-download-14501.bond
nline-advertising-66733.bond
erity.xyz
xknrksi.icu
x-ist.club
yber-security-26409.bond
oincatch.xyz
onitoring-devices-34077.bond
Targets
-
-
Target
0198cc6636a1c05da00eb7457f498c6e1743fe0a9e3d50fc106621f862bf04dd.exe
-
Size
720KB
-
MD5
7b0fe6381be15f90bf9cd16adc67e332
-
SHA1
11ea9024f45bbd7a37791e9f23ee96de23655cd3
-
SHA256
0198cc6636a1c05da00eb7457f498c6e1743fe0a9e3d50fc106621f862bf04dd
-
SHA512
5fba23ff4057550e94974b0a995c07d1093ba91ba53abbee940c6af1e8e2d31858d85e7baf2d830e44859aaaa900d4c91246d2c3d5f553b3c41dbf5545428221
-
SSDEEP
12288:+8lWXV7OuHmoCdeRMBvhTb/EEK1KUMsFP+WZWM7vop:WObyMBRz21K/waM7vg
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-