General
-
Target
6c2cf6bf017b8e9c8731b0b0bc1ddfd20c14e381d5282832d5646ac29158cf73.exe
-
Size
694KB
-
Sample
250129-c9186aylgt
-
MD5
f3d56b554859a4a95b7a40e4852ad1c7
-
SHA1
a1bfad4910a4fcee43773bf8f6c82609ca1ed8e4
-
SHA256
6c2cf6bf017b8e9c8731b0b0bc1ddfd20c14e381d5282832d5646ac29158cf73
-
SHA512
4fada994bacac73bed6cf94dd0b6f9f6aebe2104068cc5bc7d4649045c16feb74e4f594c3c4515c210b5be29bc6fafd6c5f589e86a86765c3cc67521da921e3d
-
SSDEEP
12288:V0FtqfszbWLfl/TDraQ6arq2eaTmmS7f5oiMawxmexfF8PeobmoJ+:VYUsvWVTDraiTi5zvwxrT8Peobmc+
Malware Config
Extracted
formbook
4.1
bc01
epatitis-treatment-26155.bond
52cy67sk.bond
nline-degree-6987776.world
ingxingdiandeng-2033.top
mberbreeze.cyou
48xc300mw.autos
obs-for-seniors-39582.bond
tpetersburg-3-tonn.online
egafon-parser.online
172jh.shop
ltraman.pro
bqfhnys.shop
ntercash24-cad.homes
uhtwister.cloud
alk-in-tubs-27353.bond
ucas-saaad.buzz
oko.events
8080713.xyz
refabricated-homes-74404.bond
inaa.boo
Targets
-
-
Target
6c2cf6bf017b8e9c8731b0b0bc1ddfd20c14e381d5282832d5646ac29158cf73.exe
-
Size
694KB
-
MD5
f3d56b554859a4a95b7a40e4852ad1c7
-
SHA1
a1bfad4910a4fcee43773bf8f6c82609ca1ed8e4
-
SHA256
6c2cf6bf017b8e9c8731b0b0bc1ddfd20c14e381d5282832d5646ac29158cf73
-
SHA512
4fada994bacac73bed6cf94dd0b6f9f6aebe2104068cc5bc7d4649045c16feb74e4f594c3c4515c210b5be29bc6fafd6c5f589e86a86765c3cc67521da921e3d
-
SSDEEP
12288:V0FtqfszbWLfl/TDraQ6arq2eaTmmS7f5oiMawxmexfF8PeobmoJ+:VYUsvWVTDraiTi5zvwxrT8Peobmc+
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-