8b249a16ea50d01651cf9c1f01c97deea48293f1b28735450d62bd0413b93653

General
Target

8b249a16ea50d01651cf9c1f01c97deea48293f1b28735450d62bd0413b93653

Size

329KB

Sample

211113-m2xk4sehg4

Score
10 /10
MD5

1ad9efcddab819d24cca2f9323395f9e

SHA1

1ffcdd188cb66666cdac14bb8d8b48902bd666e6

SHA256

8b249a16ea50d01651cf9c1f01c97deea48293f1b28735450d62bd0413b93653

SHA512

1afaa2924ef06a5cde9cc1778b892738c126a3311c59e407a931601f5459ec26b7348ed12832cc88399931540d5198407be1c28f4ec7c3d1b98f70ebf15a8046

Malware Config

Extracted

Family formbook
Version 4.1
Campaign kzk9
C2

http://www.yourmajordomo.com/kzk9/

Decoy

tianconghuo.club

1996-page.com

ourtownmax.net

conservativetreehose.com

synth.repair

donnachicacreperia.com

tentfull.com

weapp.download

surfersink.com

gattlebusinessservices.com

sebastian249.com

anhphuc.company

betternatureproducts.net

defroplate.com

seattlesquidsquad.com

polarjob.com

lendingadvantage.com

angelsondope.com

goportjitney.com

tiendagrupojagr.com

self-care360.com

foreignexchage.com

loan-stalemate.info

hrsimrnsingh.com

laserobsession.com

primetimesmagazine.com

teminyulon.xyz

kanoondarab.com

alpinefall.com

tbmautosales.com

4g2020.com

libertyquartermaster.com

flavorfalafel.com

generlitravel.com

solvedfp.icu

jamnvibez.com

zmx258.com

doudiangroup.com

dancecenterwest.com

ryantheeconomist.com

beeofthehive.com

bluelearn.world

vivalasplantas.com

yumiacraftlab.com

shophere247365.com

enjoybespokenwords.com

windajol.com

ctgbazar.xyz

afcerd.com

dateprotect.com

Targets
Target

8b249a16ea50d01651cf9c1f01c97deea48293f1b28735450d62bd0413b93653

MD5

1ad9efcddab819d24cca2f9323395f9e

Filesize

329KB

Score
10/10
SHA1

1ffcdd188cb66666cdac14bb8d8b48902bd666e6

SHA256

8b249a16ea50d01651cf9c1f01c97deea48293f1b28735450d62bd0413b93653

SHA512

1afaa2924ef06a5cde9cc1778b892738c126a3311c59e407a931601f5459ec26b7348ed12832cc88399931540d5198407be1c28f4ec7c3d1b98f70ebf15a8046

Tags

Signatures

  • Formbook

    Description

    Formbook is a data stealing malware which is capable of stealing data.

    Tags

  • Formbook Payload

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1