General
-
Target
ece49e828c96a3cbc96535f04ef66109c997cb13a87850c4b66b3de0fd2818f7.exe
-
Size
722KB
-
Sample
250124-srlnravket
-
MD5
07055b5c25983542e28e73e03e4e9e59
-
SHA1
ada64e9c68e8d508fefb1ccb57273b28aa23814b
-
SHA256
ece49e828c96a3cbc96535f04ef66109c997cb13a87850c4b66b3de0fd2818f7
-
SHA512
6ce52ac945cea8e396e30838b77a06c20fb6b739dd4bafd9dd8f88ad37dee52f54035d5088f67be71eea46adda2a3c5e92929392f2ff93fb0bbe202f1105e06d
-
SSDEEP
12288:045J6WhRSUunBIag+tpYXfkv7I3OqJ+lAaHp1MnEHqpSb/gH+pt5oxWv:d6NnBo+vYvk7qJ5BEKsDo+Zoxm
Malware Config
Extracted
formbook
4.1
bc01
epatitis-treatment-26155.bond
52cy67sk.bond
nline-degree-6987776.world
ingxingdiandeng-2033.top
mberbreeze.cyou
48xc300mw.autos
obs-for-seniors-39582.bond
tpetersburg-3-tonn.online
egafon-parser.online
172jh.shop
ltraman.pro
bqfhnys.shop
ntercash24-cad.homes
uhtwister.cloud
alk-in-tubs-27353.bond
ucas-saaad.buzz
oko.events
8080713.xyz
refabricated-homes-74404.bond
inaa.boo
Targets
-
-
Target
ece49e828c96a3cbc96535f04ef66109c997cb13a87850c4b66b3de0fd2818f7.exe
-
Size
722KB
-
MD5
07055b5c25983542e28e73e03e4e9e59
-
SHA1
ada64e9c68e8d508fefb1ccb57273b28aa23814b
-
SHA256
ece49e828c96a3cbc96535f04ef66109c997cb13a87850c4b66b3de0fd2818f7
-
SHA512
6ce52ac945cea8e396e30838b77a06c20fb6b739dd4bafd9dd8f88ad37dee52f54035d5088f67be71eea46adda2a3c5e92929392f2ff93fb0bbe202f1105e06d
-
SSDEEP
12288:045J6WhRSUunBIag+tpYXfkv7I3OqJ+lAaHp1MnEHqpSb/gH+pt5oxWv:d6NnBo+vYvk7qJ5BEKsDo+Zoxm
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-