General
-
Target
3fbcec3b7e1d2b8efef9e2ab1be54a55e2252166cd357fc2ee9cb42581851365.exe
-
Size
628KB
-
Sample
250325-ywnlss1zcv
-
MD5
c7c545bdd0ba6aba5dc454df13b928e4
-
SHA1
616f2fb37d07cf17c69326fcef5c91005f5b13a0
-
SHA256
3fbcec3b7e1d2b8efef9e2ab1be54a55e2252166cd357fc2ee9cb42581851365
-
SHA512
fc4c382d801fd09dbcea48310ee49990544cfd19f9148c741dbc42f3a137affafc8d631cd5e596bf5d550262e7b377fbbd54065af90188d7643b4fe86b14509a
-
SSDEEP
12288:UwQjvOn6nzx1374EIpk7g47RxiLrZd+mcLBz3YJ3WDN9yoX/:jQj2n6n/Spkn7Rkd+mC13S3wyoX
Malware Config
Extracted
formbook
4.1
m13o
un20250227-23.fun
mallelectricarsgb.bond
emvmaasbn.pro
ewaraja.xyz
olar-systems-panels-18238.bond
anjau2.cfd
ental-implants-58831.bond
riferrari.shop
ypham-japan.shop
imilarityapi.xyz
ealthywayzone.online
r33bz.online
ureformula.shop
arlsjrmenu.net
ziugsyw.xyz
osmetic-packaging-jobs.click
uaizhan.xyz
99game.xyz
otdrones.shop
rettvollmar.shop
Targets
-
-
Target
3fbcec3b7e1d2b8efef9e2ab1be54a55e2252166cd357fc2ee9cb42581851365.exe
-
Size
628KB
-
MD5
c7c545bdd0ba6aba5dc454df13b928e4
-
SHA1
616f2fb37d07cf17c69326fcef5c91005f5b13a0
-
SHA256
3fbcec3b7e1d2b8efef9e2ab1be54a55e2252166cd357fc2ee9cb42581851365
-
SHA512
fc4c382d801fd09dbcea48310ee49990544cfd19f9148c741dbc42f3a137affafc8d631cd5e596bf5d550262e7b377fbbd54065af90188d7643b4fe86b14509a
-
SSDEEP
12288:UwQjvOn6nzx1374EIpk7g47RxiLrZd+mcLBz3YJ3WDN9yoX/:jQj2n6n/Spkn7Rkd+mC13S3wyoX
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-