General
-
Target
97b825e713db39ad07e6dcd7ed37ef80379f2838f8c89df538b942c15c4bfc2a.exe
-
Size
598KB
-
Sample
250326-yqw1zstpt4
-
MD5
dd5099fddab1951e86685f395cb07e55
-
SHA1
836c7f120ed210e92c6235e7347a2920d1e49ad9
-
SHA256
97b825e713db39ad07e6dcd7ed37ef80379f2838f8c89df538b942c15c4bfc2a
-
SHA512
1adf422c3179551f562d6b15228abf897fa14fc89545e7b690b7e80c2e112109645bdb40c534ef33791d24b3218663ca8e8f5e8235efd05bf0cc0093f9635db6
-
SSDEEP
12288:Oix1qAJwaLzWrU+9U8rAUfVFnl6YQybXuxkWoG6h4:OW1lz+28MUfzn3HXWova
Malware Config
Extracted
formbook
4.1
m13o
un20250227-23.fun
mallelectricarsgb.bond
emvmaasbn.pro
ewaraja.xyz
olar-systems-panels-18238.bond
anjau2.cfd
ental-implants-58831.bond
riferrari.shop
ypham-japan.shop
imilarityapi.xyz
ealthywayzone.online
r33bz.online
ureformula.shop
arlsjrmenu.net
ziugsyw.xyz
osmetic-packaging-jobs.click
uaizhan.xyz
99game.xyz
otdrones.shop
rettvollmar.shop
Targets
-
-
Target
97b825e713db39ad07e6dcd7ed37ef80379f2838f8c89df538b942c15c4bfc2a.exe
-
Size
598KB
-
MD5
dd5099fddab1951e86685f395cb07e55
-
SHA1
836c7f120ed210e92c6235e7347a2920d1e49ad9
-
SHA256
97b825e713db39ad07e6dcd7ed37ef80379f2838f8c89df538b942c15c4bfc2a
-
SHA512
1adf422c3179551f562d6b15228abf897fa14fc89545e7b690b7e80c2e112109645bdb40c534ef33791d24b3218663ca8e8f5e8235efd05bf0cc0093f9635db6
-
SSDEEP
12288:Oix1qAJwaLzWrU+9U8rAUfVFnl6YQybXuxkWoG6h4:OW1lz+28MUfzn3HXWova
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-