General
-
Target
439e270481fa6cf85666be16e0f41dcbf80e2515b304573591528a1cfa3d9758.exe
-
Size
656KB
-
Sample
250326-hp67kaslt2
-
MD5
21439ea18c8518ed0f7e3b94551df520
-
SHA1
fb49e10c82891b2c6ac90acc2c0a1d4463485953
-
SHA256
439e270481fa6cf85666be16e0f41dcbf80e2515b304573591528a1cfa3d9758
-
SHA512
e71f1e222dc044a0a41950a58862abc9f4652dd70e64a77dc14993134fedc8467f147fda12726915cb6afd4b0f1f0d52e14bdc396153c705f02f8930d3782bd0
-
SSDEEP
12288:xdkIYyOn6nzxmLvraF2UBmNRURd+bSuhh2oDywXlw62C9ygXCw+eAix5I:fY9n6nmv1UBmNmRQbSs2oGYrSBNs6
Malware Config
Extracted
formbook
4.1
m13o
un20250227-23.fun
mallelectricarsgb.bond
emvmaasbn.pro
ewaraja.xyz
olar-systems-panels-18238.bond
anjau2.cfd
ental-implants-58831.bond
riferrari.shop
ypham-japan.shop
imilarityapi.xyz
ealthywayzone.online
r33bz.online
ureformula.shop
arlsjrmenu.net
ziugsyw.xyz
osmetic-packaging-jobs.click
uaizhan.xyz
99game.xyz
otdrones.shop
rettvollmar.shop
Targets
-
-
Target
439e270481fa6cf85666be16e0f41dcbf80e2515b304573591528a1cfa3d9758.exe
-
Size
656KB
-
MD5
21439ea18c8518ed0f7e3b94551df520
-
SHA1
fb49e10c82891b2c6ac90acc2c0a1d4463485953
-
SHA256
439e270481fa6cf85666be16e0f41dcbf80e2515b304573591528a1cfa3d9758
-
SHA512
e71f1e222dc044a0a41950a58862abc9f4652dd70e64a77dc14993134fedc8467f147fda12726915cb6afd4b0f1f0d52e14bdc396153c705f02f8930d3782bd0
-
SSDEEP
12288:xdkIYyOn6nzxmLvraF2UBmNRURd+bSuhh2oDywXlw62C9ygXCw+eAix5I:fY9n6nmv1UBmNmRQbSs2oGYrSBNs6
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-