General
-
Target
PO-09OCT2024-1.pdf.lzh
-
Size
595KB
-
Sample
250130-q4xknsspgv
-
MD5
da11fe592d88b3a8d6ed17ec0f958544
-
SHA1
a4694a3554e6e5bb10f292550b31a69e7e956691
-
SHA256
f1e77b61689144021e0597883e58c743c954dc5e0977e09a6a76b0b15b972840
-
SHA512
055cfcffe8dfa1264e60fd29865ea7c4e8bfe8269744110563dca0f5c1c9fcbf035620ff8b03df82158de87114d49b500c3d85a47eb6b739cbc2a58a71b261ef
-
SSDEEP
12288:YN8UsqBhZ2oMMVMfIiUMkQqXqzX0c1iAJNjq5j4bFa5exTB+YPA9D1f5BHHb:Y3sqB7MXfhTq6R1iAJo54o5e6l59
Malware Config
Extracted
formbook
4.1
rn94
st68v.xyz
conciergenotary.net
qwechaotk.top
rtpdonatoto29.xyz
8ad.xyz
powermove.top
cameras-30514.bond
vanguardcoffee.shop
umoe53fxc1bsujv.buzz
consultoriamax.net
hplxx.com
ndu.wtf
yzh478c.xyz
bigbrown999.site
xiake07.asia
resdai.xyz
the35678.shop
ba6rf.rest
ceo688.com
phimxhot.xyz
Targets
-
-
Target
PO-09OCT2024-1.pdf.scr
-
Size
764KB
-
MD5
1d278e311f71d28a7b468c9e8c42d3e8
-
SHA1
9deb9da31e00f63d2a607d717c26a3d29e1ded5f
-
SHA256
2817a9a6fc061c9f8e6e7c341b778b403ceaeb439cb8e40760c908ada5c323cd
-
SHA512
2c994e0637a9a0ed662f65a8316aee8c8d781f5770090e4bb6e35315dc9f042cb4f712fbe7a809424ad9391299beec23dfccf010d55d063186485af49b3f813f
-
SSDEEP
12288:vcmEZ3bkiEWVZ25bNMHWQLElf7MIboj2buIVToTX6PUVgIGi7TykR:vEtBEWVE5GHWQLEl+2t0TqUVgK
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-