3c4aa39e200cb4303a3e5970bbedb5a1bb1baa656c3fc2286f82392a91e4a4ea

Target

Size

511KB

Sample

211021-1aj3labfgj

Score

10 ^/10

MD5

6923309c1cf759930f67710ac9dfd328

SHA1

e74291e311e8466dd7222a2eb3779848385dd3fa

SHA256

3c4aa39e200cb4303a3e5970bbedb5a1bb1baa656c3fc2286f82392a91e4a4ea

SHA512

993dbcc6063f3a1b293fb3e2c794f1f817a4703d5b21154fc47e02998f72e334cca38b820c6f657a8345775690eed93f2a8f9202b453490735bc89cebf3ecbd5

Extracted

Family	formbook
Version	4.1
Campaign	kzk9
C2	http://www.yourmajordomo.com/kzk9/ http://www.yourmajordomo.com/kzk9/
Decoy	tianconghuo.club 1996-page.com ourtownmax.net conservativetreehose.com synth.repair donnachicacreperia.com tentfull.com weapp.download surfersink.com gattlebusinessservices.com sebastian249.com anhphuc.company betternatureproducts.net defroplate.com seattlesquidsquad.com polarjob.com lendingadvantage.com angelsondope.com goportjitney.com tiendagrupojagr.com self-care360.com foreignexchage.com loan-stalemate.info hrsimrnsingh.com laserobsession.com primetimesmagazine.com teminyulon.xyz kanoondarab.com alpinefall.com tbmautosales.com 4g2020.com libertyquartermaster.com flavorfalafel.com generlitravel.com solvedfp.icu jamnvibez.com zmx258.com doudiangroup.com dancecenterwest.com ryantheeconomist.com beeofthehive.com bluelearn.world vivalasplantas.com yumiacraftlab.com shophere247365.com enjoybespokenwords.com windajol.com ctgbazar.xyz afcerd.com dateprotect.com northeastonmusic.com fourwaira.com forschungsraumtheater.com islameraloke.com mavericksone.com whguideinfrared.com akomandr.com experts-portail.com ambassadorworldnews.com case-kangaroo.com theglobalbusinessmentor.com igforoldpeople.com royalglossesbss.com merxeduct.com tianconghuo.club 1996-page.com ourtownmax.net conservativetreehose.com synth.repair donnachicacreperia.com tentfull.com weapp.download surfersink.com gattlebusinessservices.com sebastian249.com anhphuc.company betternatureproducts.net defroplate.com seattlesquidsquad.com polarjob.com lendingadvantage.com angelsondope.com goportjitney.com tiendagrupojagr.com self-care360.com foreignexchage.com loan-stalemate.info hrsimrnsingh.com laserobsession.com primetimesmagazine.com teminyulon.xyz kanoondarab.com alpinefall.com tbmautosales.com 4g2020.com libertyquartermaster.com flavorfalafel.com generlitravel.com solvedfp.icu jamnvibez.com zmx258.com doudiangroup.com dancecenterwest.com ryantheeconomist.com beeofthehive.com bluelearn.world vivalasplantas.com yumiacraftlab.com shophere247365.com enjoybespokenwords.com windajol.com ctgbazar.xyz afcerd.com dateprotect.com northeastonmusic.com fourwaira.com forschungsraumtheater.com islameraloke.com mavericksone.com whguideinfrared.com akomandr.com experts-portail.com ambassadorworldnews.com case-kangaroo.com theglobalbusinessmentor.com igforoldpeople.com royalglossesbss.com merxeduct.com

Target

3c4aa39e200cb4303a3e5970bbedb5a1bb1baa656c3fc2286f82392a91e4a4ea

MD5

6923309c1cf759930f67710ac9dfd328

Filesize

511KB

Score

10^/10

SHA1

e74291e311e8466dd7222a2eb3779848385dd3fa

SHA256

3c4aa39e200cb4303a3e5970bbedb5a1bb1baa656c3fc2286f82392a91e4a4ea

SHA512

993dbcc6063f3a1b293fb3e2c794f1f817a4703d5b21154fc47e02998f72e334cca38b820c6f657a8345775690eed93f2a8f9202b453490735bc89cebf3ecbd5

Signatures

Formbook
Description

Formbook is a data stealing malware which is capable of stealing data.
Tags

trojan spyware stealer formbook
Formbook Payload
Tags

rat
Suspicious use of SetThreadContext

Related Tasks

behavioral1

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

formbook kzk9 rat spyware stealer trojan

10^/10

Extracted

Tags

Signatures

Formbook

Description

Tags

Formbook Payload

Tags

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1