General
-
Target
sheisverynicegirllokyetaroudntheglobalgoodnice.hta
-
Size
14KB
-
Sample
250204-x3bp5syjat
-
MD5
f5ec2118957b7a9908d1c588c50f4df9
-
SHA1
ee81165c895755372747a345116470489e3a902b
-
SHA256
f42f2afb4ad2de01d20f30facd401761b6182a6a74997108e6ba827069e9a666
-
SHA512
3f85fd0471313c2de3eb2c4b5fe672bb9f95b9bace50d428ac87722f3cb7e3a57177fae177d008632aa70ad7b018d67d15aaafbe229ebb3219073c3905c28775
-
SSDEEP
48:3NaPwm0vV7iaB9wm0vV7HYzBPTHtFVJt+AWnwJx81LKChaoWaAddIWwm0vV7I1ac:dmg7isg74zBPT3VJt+VnHYGG3g7ql
Malware Config
Extracted
formbook
4.1
b101
ent-apartments-2801.click
lsyw.top
eccurastock.online
j958.net
eepelement.tech
rueblueimpact.shop
etechhome.net
ianchui.cfd
mall-business-22321.bond
tatewidefinancialservices.net
orbitmac.info
ovehkjepe88.club
zzhmamn.xyz
uslimbooking.net
uto253.pro
ortalexpresscliepr.lat
tikk.shop
iaoniang.cfd
sdg-6603.cyou
myd.net
Targets
-
-
Target
sheisverynicegirllokyetaroudntheglobalgoodnice.hta
-
Size
14KB
-
MD5
f5ec2118957b7a9908d1c588c50f4df9
-
SHA1
ee81165c895755372747a345116470489e3a902b
-
SHA256
f42f2afb4ad2de01d20f30facd401761b6182a6a74997108e6ba827069e9a666
-
SHA512
3f85fd0471313c2de3eb2c4b5fe672bb9f95b9bace50d428ac87722f3cb7e3a57177fae177d008632aa70ad7b018d67d15aaafbe229ebb3219073c3905c28775
-
SSDEEP
48:3NaPwm0vV7iaB9wm0vV7HYzBPTHtFVJt+AWnwJx81LKChaoWaAddIWwm0vV7I1ac:dmg7isg74zBPT3VJt+VnHYGG3g7ql
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Blocklisted process makes network request
-
Evasion via Device Credential Deployment
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Suspicious use of SetThreadContext
-