General
-
Target
Popis novih narudzbi je u prilogu.zip
-
Size
621KB
-
Sample
250120-scmx9svlhw
-
MD5
9e4ad176880cefde747a170359946fb8
-
SHA1
81de0e67fe83795865675a9a29f1658e0cfdfe5b
-
SHA256
e7372fff44d20f93a9aaffc083d0943c1be8b1c4b0acc123b77742379c6fd2cd
-
SHA512
df13be50229a3fdc71421a5dab0068b5b6c476deb84d871d13aa8b2dda13e127e256a30c1a79ea8907b07dffb979ef17f8f6b8c7fcd6b09572a750e34e10cb2f
-
SSDEEP
12288:PLOC1b7TE0r8sH39lPNuRjVSS5X8eT7sLB81BHM/all/GUX80T8yDPu/hYy:yGb7d7l8Rjj18eTeByBnZLXdjS/R
Static task
static1
Behavioral task
behavioral1
Sample
Popis novih narudzbi je u prilogu.exe
Resource
win7-20240903-en
Malware Config
Extracted
formbook
4.1
3nop
Targets
-
-
Target
Popis novih narudzbi je u prilogu.exe
-
Size
722KB
-
MD5
0c883414fcda149f14bfe37c2bd9fc79
-
SHA1
cf99ca86cfac68a7414ce261bdbc04263de1ee77
-
SHA256
2040a0fdd0eddf11176cddce8489b0906e9bb6ed39b2c825f883e26a3309db57
-
SHA512
2cdce3e4094cd4c72d3f4618fdcbaac2548bbddb4b4471d7f3838817913574a8b63b890be5a1ed8ce0a244fe24114d6cc25004dcd6be8ae62c0703b7e1815067
-
SSDEEP
12288:ZSihRSUunB2fP+rnhBR44lSQ5XUIT7sLzm1BHS/YlJ/GOX89rUU0+KlQlNLn:0xnumz1UITez4BlR7XQ59KaHLn
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-