General
-
Target
8fff9a173774de4ef78139d49e3f62b83fdf1b2a542c257567e76c7b82ef5e5f.exe
-
Size
597KB
-
Sample
250326-wwggdazybx
-
MD5
1b27358f5ad8d9e7f8f24dae59c0e047
-
SHA1
b99426345cc005fcf5caa333ccae68ce8345c9df
-
SHA256
8fff9a173774de4ef78139d49e3f62b83fdf1b2a542c257567e76c7b82ef5e5f
-
SHA512
64ee6efc50b00e92c11cfc32afcf05ae80560190c588202d3724b2511b5e27bd7115e3b2ca20b41414746144ee4ed2d1e1b819beb1a9ceebee0fedc2a6d704b3
-
SSDEEP
12288:xijHAqAJFfG3AP4mbYl4uahxX5Euk5vQnO67B1EU:xoAZ+IbY+/hxXOuS8OWB1J
Malware Config
Extracted
formbook
4.1
bs03
aindirectiveteam.info
itchen-remodeling-up.world
avadacasino21.buzz
urumsbicard.net
ental-care-2762127.fyi
raveline.tech
camtech.online
leartec.health
odkacasino-333.buzz
oans-credits-73480.bond
ubstrate360.xyz
dalang.click
on66my.xyz
elegilgh.run
wlf.dev
ex-in-wien.net
riminal-mischief.cfd
0ns.pro
klopcy.xyz
ssetexcelstrongmanageroot.xyz
Targets
-
-
Target
8fff9a173774de4ef78139d49e3f62b83fdf1b2a542c257567e76c7b82ef5e5f.exe
-
Size
597KB
-
MD5
1b27358f5ad8d9e7f8f24dae59c0e047
-
SHA1
b99426345cc005fcf5caa333ccae68ce8345c9df
-
SHA256
8fff9a173774de4ef78139d49e3f62b83fdf1b2a542c257567e76c7b82ef5e5f
-
SHA512
64ee6efc50b00e92c11cfc32afcf05ae80560190c588202d3724b2511b5e27bd7115e3b2ca20b41414746144ee4ed2d1e1b819beb1a9ceebee0fedc2a6d704b3
-
SSDEEP
12288:xijHAqAJFfG3AP4mbYl4uahxX5Euk5vQnO67B1EU:xoAZ+IbY+/hxXOuS8OWB1J
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-