0366673a2a85919a9419b85f9f552a2c9713edda8319dc9046f271ee024816ad

General
Target

0366673a2a85919a9419b85f9f552a2c9713edda8319dc9046f271ee024816ad

Size

702KB

Sample

211023-c7wkwsdaeq

Score
10 /10
MD5

ba67c997b2e0d90d44e889e3629300c9

SHA1

0a5b49e3176fa0e2f4623426f6d3d47757a0f742

SHA256

0366673a2a85919a9419b85f9f552a2c9713edda8319dc9046f271ee024816ad

SHA512

380f2f464532c2b98eac89a52c210b00ab4a17af0e27501d8ebf49fbc6dab189f1a6b7f61319137584056e69646c5bdaffce73218d13109a59b79bbc07806676

Malware Config

Extracted

Family formbook
Version 4.1
Campaign kzk9
C2

http://www.yourmajordomo.com/kzk9/

Decoy

tianconghuo.club

1996-page.com

ourtownmax.net

conservativetreehose.com

synth.repair

donnachicacreperia.com

tentfull.com

weapp.download

surfersink.com

gattlebusinessservices.com

sebastian249.com

anhphuc.company

betternatureproducts.net

defroplate.com

seattlesquidsquad.com

polarjob.com

lendingadvantage.com

angelsondope.com

goportjitney.com

tiendagrupojagr.com

self-care360.com

foreignexchage.com

loan-stalemate.info

hrsimrnsingh.com

laserobsession.com

primetimesmagazine.com

teminyulon.xyz

kanoondarab.com

alpinefall.com

tbmautosales.com

4g2020.com

libertyquartermaster.com

flavorfalafel.com

generlitravel.com

solvedfp.icu

jamnvibez.com

zmx258.com

doudiangroup.com

dancecenterwest.com

ryantheeconomist.com

beeofthehive.com

bluelearn.world

vivalasplantas.com

yumiacraftlab.com

shophere247365.com

enjoybespokenwords.com

windajol.com

ctgbazar.xyz

afcerd.com

dateprotect.com

Targets
Target

0366673a2a85919a9419b85f9f552a2c9713edda8319dc9046f271ee024816ad

MD5

ba67c997b2e0d90d44e889e3629300c9

Filesize

702KB

Score
10/10
SHA1

0a5b49e3176fa0e2f4623426f6d3d47757a0f742

SHA256

0366673a2a85919a9419b85f9f552a2c9713edda8319dc9046f271ee024816ad

SHA512

380f2f464532c2b98eac89a52c210b00ab4a17af0e27501d8ebf49fbc6dab189f1a6b7f61319137584056e69646c5bdaffce73218d13109a59b79bbc07806676

Tags

Signatures

  • Formbook

    Description

    Formbook is a data stealing malware which is capable of stealing data.

    Tags

  • Formbook Payload

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1