Description
Formbook is a data stealing malware which is capable of stealing data.
ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220
General
Target
Size
Sample
ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220
656KB
211023-mjs5zaccd6
Score
10 /10
MD5
SHA1
SHA256
SHA512
d0611b9926adb5f09a557b9c8f1d010c
518b4a0eb7b11c0056be7393b5b618df025ad661
ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220
55696413b7b1621f239cbd34955a2c90635380d9461c4e978c1ae859de669f92cbfbc780970e8bb7f77adf4c72b1476edb0b5748204bca45dc68ca66721c0a8f
Malware Config
Extracted
| Family | formbook |
| Version | 4.1 |
| Campaign | kzk9 |
| C2 |
http://www.yourmajordomo.com/kzk9/ |
| Decoy |
tianconghuo.club 1996-page.com ourtownmax.net conservativetreehose.com synth.repair donnachicacreperia.com tentfull.com weapp.download surfersink.com gattlebusinessservices.com sebastian249.com anhphuc.company betternatureproducts.net defroplate.com seattlesquidsquad.com polarjob.com lendingadvantage.com angelsondope.com goportjitney.com tiendagrupojagr.com self-care360.com foreignexchage.com loan-stalemate.info hrsimrnsingh.com laserobsession.com primetimesmagazine.com teminyulon.xyz kanoondarab.com alpinefall.com tbmautosales.com 4g2020.com libertyquartermaster.com flavorfalafel.com generlitravel.com solvedfp.icu jamnvibez.com zmx258.com doudiangroup.com dancecenterwest.com ryantheeconomist.com beeofthehive.com bluelearn.world vivalasplantas.com yumiacraftlab.com shophere247365.com enjoybespokenwords.com windajol.com ctgbazar.xyz afcerd.com dateprotect.com |
Targets
Target
MD5
Filesize
ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220
d0611b9926adb5f09a557b9c8f1d010c
656KB
Score
10/10
SHA1
SHA256
SHA512
518b4a0eb7b11c0056be7393b5b618df025ad661
ce04d9c3445331248d915104634f5d57dbce0a1f2d58d0a62f67c2c41e9df220
55696413b7b1621f239cbd34955a2c90635380d9461c4e978c1ae859de669f92cbfbc780970e8bb7f77adf4c72b1476edb0b5748204bca45dc68ca66721c0a8f
Tags
Signatures
-
Formbook
-
Formbook Payload
Tags
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks