General

  • Target

    d9db7f117e5fc750e78b0178003bca82684a2a36f951fa0d3a59a58bd178a302

  • Size

    697KB

  • Sample

    211022-tdb3tscgap

  • MD5

    f94dd54fedbdf4f0f6992c781476e4a4

  • SHA1

    93fb57ab3c31b5fa13827670a003ea203ff904d5

  • SHA256

    d9db7f117e5fc750e78b0178003bca82684a2a36f951fa0d3a59a58bd178a302

  • SHA512

    fadf4a955ef4d3d0162c66ac896046177d86b2e9f401e5c02be2b181755827629e617584b853f5f4aa5393391834700ad103cc755e71482b0c3a4b40f7f65ace

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    kzk9

  • C2

    http://www.yourmajordomo.com/kzk9/

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation