formbook

General

Target

TEKLIF 2707.exe
Size

463KB
Sample

220727-q2dd1saad5
MD5

ee91a329dcc24caa6f613725339032f0
SHA1

13caf2c984420f49d456ee8f5d255d12b1e2994b
SHA256

87491dc3e7e7bee41367da139e5110ca1a9b7bb1ea2c92dd20a8a96c8775fd98
SHA512

73028d287bdf0761890be9d35c00868a57faa2782d59752c9cd678cd4ee991ff9ea6ac96a7b5febcc1fb57bfd1963bec89be51f651a696554d7b48cf7600c226

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kn30

Decoy

edeniabenz.com

laurenjsettles.com

schwyzerland.com

hdrslh.com

talleresmasabrazos.com

wesdop.xyz

xn--abcj-doab.net

visioresearch.net

vostextes.com

santoriniconciergethira.com

seektrainings.com

dogsocats.com

munjanichemical.com

sapnemekyadekha.online

hiartwork.com

remarquehomebuilders.com

huilege.com

pjslot.net

greatsolutionwebsite.xyz

graciousclothingstore.com

Targets

- Target
  
  TEKLIF 2707.exe
- Size
  
  463KB
- MD5
  
  ee91a329dcc24caa6f613725339032f0
- SHA1
  
  13caf2c984420f49d456ee8f5d255d12b1e2994b
- SHA256
  
  87491dc3e7e7bee41367da139e5110ca1a9b7bb1ea2c92dd20a8a96c8775fd98
- SHA512
  
  73028d287bdf0761890be9d35c00868a57faa2782d59752c9cd678cd4ee991ff9ea6ac96a7b5febcc1fb57bfd1963bec89be51f651a696554d7b48cf7600c226
Score

10^/10

formbook kn30 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2