General
-
Target
CEKARFQIND18042128.xls.vbs
-
Size
13KB
-
Sample
250326-jdkd4aspt4
-
MD5
625608a8b21dd63c47807150c9e056ff
-
SHA1
8cd013e6bb9806b058f0cc21cdbc519089da08bb
-
SHA256
4a4cb3cf592dc2b8cff367fef834b31f22eebc0e6cd66617169e14a6c3c80c3e
-
SHA512
48c8e73beffffb3dd830dc90cfd44802a951a1949d0c5deb0ca8dfa20e0ea0c06d506e6e3311efae0f72fc884789b4005e9a2dea6d97854658cd2d3a68c67a94
-
SSDEEP
192:lK222222222222222ELHkzZrrp/Wb6MbRha434iM458ooRbcpF3LWiGDC2M8Rk5D:iFFUgFwJISz9yd80g2r
Malware Config
Extracted
formbook
4.1
h3wr
cosflare.online
onlynaturalpetes.shop
video-games-39348.bond
warehouse-inventory-39425.bond
taolishuxia.vip
getthelook.app
magicfurries.shop
exiqkfylkx.sbs
olar-panel-jobs-13264.bond
68092.legal
mybucketwish.net
epeiroterbesestrepe.cloud
digiprem.tech
cjams.autos
ayundevtest.xyz
p8uatwdpyjgafakp.cyou
nuocjpg.info
fluorforesetgambes.cloud
co-vision.net
fine-to-fine.top
Targets
-
-
Target
CEKARFQIND18042128.xls.vbs
-
Size
13KB
-
MD5
625608a8b21dd63c47807150c9e056ff
-
SHA1
8cd013e6bb9806b058f0cc21cdbc519089da08bb
-
SHA256
4a4cb3cf592dc2b8cff367fef834b31f22eebc0e6cd66617169e14a6c3c80c3e
-
SHA512
48c8e73beffffb3dd830dc90cfd44802a951a1949d0c5deb0ca8dfa20e0ea0c06d506e6e3311efae0f72fc884789b4005e9a2dea6d97854658cd2d3a68c67a94
-
SSDEEP
192:lK222222222222222ELHkzZrrp/Wb6MbRha434iM458ooRbcpF3LWiGDC2M8Rk5D:iFFUgFwJISz9yd80g2r
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-