ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220

General
Target

ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220

Size

656KB

Sample

211023-mjs5zaccd6

Score
10/10
MD5

d0611b9926adb5f09a557b9c8f1d010c

SHA1

518b4a0eb7b11c0056be7393b5b618df025ad661

SHA256

ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220

SHA512

55696413b7b1621f239cbd34955a2c90635380d9461c4e978c1ae859de669f92cbfbc780970e8bb7f77adf4c72b1476edb0b5748204bca45dc68ca66721c0a8f

Malware Config

Extracted

Family formbook
Version 4.1
Campaign kzk9
C2

http://www.yourmajordomo.com/kzk9/

Decoy

tianconghuo.club

1996-page.com

ourtownmax.net

conservativetreehose.com

synth.repair

donnachicacreperia.com

tentfull.com

weapp.download

surfersink.com

gattlebusinessservices.com

sebastian249.com

anhphuc.company

betternatureproducts.net

defroplate.com

seattlesquidsquad.com

polarjob.com

lendingadvantage.com

angelsondope.com

goportjitney.com

tiendagrupojagr.com

self-care360.com

foreignexchage.com

loan-stalemate.info

hrsimrnsingh.com

laserobsession.com

primetimesmagazine.com

teminyulon.xyz

kanoondarab.com

alpinefall.com

tbmautosales.com

4g2020.com

libertyquartermaster.com

flavorfalafel.com

generlitravel.com

solvedfp.icu

jamnvibez.com

zmx258.com

doudiangroup.com

dancecenterwest.com

ryantheeconomist.com

beeofthehive.com

bluelearn.world

vivalasplantas.com

yumiacraftlab.com

shophere247365.com

enjoybespokenwords.com

windajol.com

ctgbazar.xyz

afcerd.com

dateprotect.com

Targets
Target

ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220

MD5

d0611b9926adb5f09a557b9c8f1d010c

Filesize

656KB

Score
10/10
SHA1

518b4a0eb7b11c0056be7393b5b618df025ad661

SHA256

ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220

SHA512

55696413b7b1621f239cbd34955a2c90635380d9461c4e978c1ae859de669f92cbfbc780970e8bb7f77adf4c72b1476edb0b5748204bca45dc68ca66721c0a8f

Signatures

  • Formbook

    Description

    Formbook is a data-stealing malware.

  • Formbook Payload

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1