General
Target: 84422dbecf8eb20797ee964f92346eba43e04b09d66d63ca0ce32237efb1d7f3.zip
Size: 607KB
Sample: 250204-er4bxawpck
MD5: eeb36a1d1a513bd870a0531bc2055699
SHA1: c976066fd1482e46d5418db56930e686bcb588ef
SHA256: 84422dbecf8eb20797ee964f92346eba43e04b09d66d63ca0ce32237efb1d7f3
SHA512: f7d56d5934264dcafe7a10a8720502952b64f61e7a97d77ea34fbe70881f33d76845ea81e47d203b491fe6c6c440ff064ebc63ebe51ced9e25799cf7574e4e42
SSDEEP: 12288:QJrO2hFqWFWj8CFEDNMbv7wdnP5l4f01BBT64wcdzeLfPDspOVzsC0dcCnx:QJrThFhIj8CqRMbv7wG2T64wYiL4kdkT
Static task: static1
Behavioral task: behavioral1
Sample: order confirmation.exe
Resource: win7-20241023-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: 3nop
C2 / decoy domains (Formbook configs embed a single live C2 among a long list of decoy domains, so treat the list as a whole as an indicator rather than assuming every entry is attacker infrastructure; the full extracted list follows):
subur88wap.sbs
tyai1.top
skillbeast.site
kcclassiccars.net
lghomes.net
eijanno.cyou
work-in-usa-60100.bond
268chill.store
bharatwin.biz
cakjitu01.xyz
misafert.xyz
hiretemp.net
lvekz-onearmed.top
amanda-manopo.info
seo-companies22.online
casinowalletth.net
maynrson.monster
bewizi.com
thedronetechhub.shop
car-insurance-93947.bond
javabits.net
dzcodelab.xyz
adeelrao.online
amazing-cruise-pakages.today
wftoutsource.services
stormbeauty.online
a8dz7m5.com
875capehornrdjeffersonny.com
odadesign.site
reejunkremoval7.life
g59q18eq.top
wk0003.top
rtpradar138af.xyz
wnsyl11.vip
nexilis.rest
top-dubai-cruise-deals.today
zoril.lol
englishmaterials.net
uzumluescortg.xyz
dutchpay.net
visprintdesign.biz
kneepain661.shop
xuq-smart-fridge-uj0.rest
jam-nins.com
rentabay.shop
victoryvo2.info
i2c2.tech
wck37.top
refrigerators-69792.bond
abc1network.net
amilia-do-gil.net
806477628.xyz
luxdrive.vip
unika.lat
sculptify.today
winatwork.today
onlinegamehub.online
petnino.club
amtrade.icu
macular-degeneration-39252.bond
argastipster.click
1nvuti.fun
beautifyaura.com
savings-accounts-57645.bond
ok33r.shop
Targets
Target: order confirmation.exe (the executable inside the submitted archive; its hashes differ from the archive hashes under General)
Size: 688KB
MD5: c662d081f4cd41e817cc9e246ca54633
SHA1: 0d1383e23f4b4a9aec5b8a43725af2212a5bdc83
SHA256: d0cff61258d18def7ad7129368ecaccf5d2389eb1fd79b6cbb411c65c5783e0d
SHA512: 9230b6c03e706740dfd262dea4bf9848b87d92659a5e9431c97ee790c664f31bf20867feb98f6819f8bb24c300ba45e784c94e30f9961443362ff4f7e40b9ac0
SSDEEP: 12288:vYN/Dswecl9h3/IWs0CFEhNnut872bdnP54UBBTFGLJmqHtJLfPDGlVFSl2p0f+p:bweO3/9/Cq/leTFGdm8tJL6l6AHVLn
Signatures
Formbook family
Formbook payload
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the dropped payload and its working directory are no longer scanned (typically Add-MpPreference or Set-MpPreference with the -ExclusionExtension, -ExclusionPath and -ExclusionProcess parameters). On a suspected host, compare the exclusion lists reported by Get-MpPreference against your baseline; the exclusions persist after the malware itself is removed until they are explicitly deleted.
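The Defender-exclusion behaviour above is worth hunting for in process-creation (Sysmon Event ID 1, Security 4688) or script-block (PowerShell 4104) logs. The following is an added example written for this page, not code from the sandbox report or from the Formbook sample: it scans command lines for Add-MpPreference/Set-MpPreference exclusion parameters, decodes -EncodedCommand payloads (base64 of UTF-16LE) so the cmdlet names cannot be hidden that way, and tolerates PowerShell's abbreviated parameter names. The log lines in SAMPLE_LOG are constructed for the example and are not taken from this sample's execution.

```python
import base64
import re
from dataclasses import dataclass

# Cmdlets that change Defender exclusions. Get-MpPreference only reads them.
EXCLUSION_CMDLETS = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)

# -Exclusion<Kind> parameters. PowerShell accepts any unambiguous prefix of a
# parameter name (-ExclusionExt, -ExclusionPr ...), so capture whatever follows
# "-Exclusion" and normalise it below. Values may be quoted or bare, and may be
# a comma-separated list.
EXCLUSION_PARAMS = re.compile(
    r"-Exclusion(?P<kind>[A-Za-z]+)(?:\s+|:\s*)(?P<value>\"[^\"]*\"|'[^']*'|[^\s;|]+)",
    re.IGNORECASE,
)

# -EncodedCommand and the abbreviations PowerShell accepts for it. The argument
# is base64 of UTF-16LE text, which hides cmdlet names from naive string matching.
ENCODED_FLAG = re.compile(
    r"-(?:encodedcommand|enc|en|ec|e)\b\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)

# Shortest unambiguous prefixes of the Exclusion* parameters of Add-MpPreference.
KIND_PREFIXES = (("pa", "path"), ("pr", "process"), ("e", "extension"), ("i", "ipaddress"))


@dataclass
class Finding:
    line_no: int
    kind: str      # path | process | extension | ipaddress
    value: str


def normalise_kind(stem: str) -> str:
    """Map a possibly abbreviated parameter stem (Path, Ext, Pr ...) to a kind."""
    s = stem.lower()
    for prefix, kind in KIND_PREFIXES:
        if s.startswith(prefix):
            return kind
    return s


def decode_powershell(cmdline: str) -> str:
    """Return the script text PowerShell would execute for this command line:
    the decoded -EncodedCommand payload if one is present, else the line itself."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return cmdline
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # malformed payload: fall back to the raw line


def find_defender_exclusions(log_lines):
    """Scan command lines and return every Defender exclusion they would add."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        script = decode_powershell(line)
        if not EXCLUSION_CMDLETS.search(script):
            continue
        for m in EXCLUSION_PARAMS.finditer(script):
            kind = normalise_kind(m.group("kind"))
            for value in m.group("value").split(","):
                value = value.strip().strip("\"'")
                if value:
                    findings.append(Finding(line_no, kind, value))
    return findings


# Constructed sample command lines (not from the report). Line 1 is benign
# administration, lines 2-3 are plaintext exclusion changes, line 4 repeats the
# technique behind -EncodedCommand.
SAMPLE_LOG = [
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Get-MpPreference",
    r'powershell.exe -nop -w hidden Add-MpPreference -ExclusionPath "C:\Users\Public" -ExclusionProcess "order confirmation.exe"',
    r"powershell -ExecutionPolicy Bypass Add-MpPreference -ExclusionExt exe,scr",
    "powershell.exe -enc "
    + base64.b64encode(r"Set-MpPreference -ExclusionPath C:\ProgramData".encode("utf-16-le")).decode(),
]

if __name__ == "__main__":
    for f in find_defender_exclusions(SAMPLE_LOG):
        print(f"line {f.line_no}: exclusion {f.kind} -> {f.value}")
```

Script-block logs (4104) already contain the decoded script, so the decoding step only matters for command-line sources. The scanner does not see exclusions added through the registry or WMI directly, nor those set from a script file on disk whose contents were never logged, so treat it as one signal alongside a Get-MpPreference baseline comparison rather than a complete control.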
Checks computer location settings
Looks up the country code configured in the registry (typically the user's GeoID under HKCU\Control Panel\International\Geo\Nation), likely a geofence: the sample can refuse to run on machines whose locale the operator wants to avoid, so a sandbox or analyst VM configured with such a locale may show no payload behaviour at all.
Suspicious use of SetThreadContext
SetThreadContext is commonly used to redirect execution in a suspended or hollowed process after code has been written into it; this is consistent with Formbook injecting its payload into another process, so the behaviour attributed to the sample's own process may be incomplete.