d9db7f117e5fc750e78b0178003bca82684a2a36f951fa0d3a59a58bd178a302

General
Target

d9db7f117e5fc750e78b0178003bca82684a2a36f951fa0d3a59a58bd178a302

Size

697KB

Sample

211022-tdb3tscgap

Score
10 /10
MD5

f94dd54fedbdf4f0f6992c781476e4a4

SHA1

93fb57ab3c31b5fa13827670a003ea203ff904d5

SHA256

d9db7f117e5fc750e78b0178003bca82684a2a36f951fa0d3a59a58bd178a302

SHA512

fadf4a955ef4d3d0162c66ac896046177d86b2e9f401e5c02be2b181755827629e617584b853f5f4aa5393391834700ad103cc755e71482b0c3a4b40f7f65ace

Malware Config

Extracted

Family formbook
Version 4.1
Campaign kzk9
C2

http://www.yourmajordomo.com/kzk9/

Decoy

tianconghuo.club

1996-page.com

ourtownmax.net

conservativetreehose.com

synth.repair

donnachicacreperia.com

tentfull.com

weapp.download

surfersink.com

gattlebusinessservices.com

sebastian249.com

anhphuc.company

betternatureproducts.net

defroplate.com

seattlesquidsquad.com

polarjob.com

lendingadvantage.com

angelsondope.com

goportjitney.com

tiendagrupojagr.com

self-care360.com

foreignexchage.com

loan-stalemate.info

hrsimrnsingh.com

laserobsession.com

primetimesmagazine.com

teminyulon.xyz

kanoondarab.com

alpinefall.com

tbmautosales.com

4g2020.com

libertyquartermaster.com

flavorfalafel.com

generlitravel.com

solvedfp.icu

jamnvibez.com

zmx258.com

doudiangroup.com

dancecenterwest.com

ryantheeconomist.com

beeofthehive.com

bluelearn.world

vivalasplantas.com

yumiacraftlab.com

shophere247365.com

enjoybespokenwords.com

windajol.com

ctgbazar.xyz

afcerd.com

dateprotect.com

Targets
Target

d9db7f117e5fc750e78b0178003bca82684a2a36f951fa0d3a59a58bd178a302

MD5

f94dd54fedbdf4f0f6992c781476e4a4

Filesize

697KB

Score
10/10
SHA1

93fb57ab3c31b5fa13827670a003ea203ff904d5

SHA256

d9db7f117e5fc750e78b0178003bca82684a2a36f951fa0d3a59a58bd178a302

SHA512

fadf4a955ef4d3d0162c66ac896046177d86b2e9f401e5c02be2b181755827629e617584b853f5f4aa5393391834700ad103cc755e71482b0c3a4b40f7f65ace

Tags

Signatures

  • Formbook

    Description

    Formbook is a data stealing malware which is capable of stealing data.

    Tags

  • Formbook Payload

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1