formbook

General

Target

d7433ec981297919971fcf1e7017b9d8169a787a2f24aa2c31f08500ee510057
Size

501KB
Sample

221130-qg59asfh6t
MD5

43251b851d7807ea3a8a31aa1945a376
SHA1

d7972a48974b7b00f7a0b0866107690a04b65a26
SHA256

d7433ec981297919971fcf1e7017b9d8169a787a2f24aa2c31f08500ee510057
SHA512

1d61cb1b95556f7e9cb7ece2e5b4616b38769c0b1ef09751f2797e943a5c0befcd752a5cecf302399248dfa6ed4b065dce33c563b2b73e4e63f830c2fc941665
SSDEEP

6144:wBFXjwC6hJTY7Vy41qmntOc25C/+O9aAE48EBrz4o1T4K+oRlPNUaAYJl/fO9ks:CRz6hG7VTxQr4DLnRlP6qr

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ktz

Decoy

healthbeautysublime.com

simplysouthcarolina.com

lunarsuncreations.com

madhurbazar.website

bestsellersecret.com

geniusbytesdemo.com

timetodebate.com

sarkariresult.network

k-kard.com

selagiprojects.com

sidechickrecords.net

pattayamoneyexchange.com

cindykeet.com

writefordelight.com

1to2rooms.com

doubi2.com

kairospromotions.com

emergencyresponsetech.com

purbelipana.com

reimaginingdental.com

Targets

- Target
  
  d7433ec981297919971fcf1e7017b9d8169a787a2f24aa2c31f08500ee510057
- Size
  
  501KB
- MD5
  
  43251b851d7807ea3a8a31aa1945a376
- SHA1
  
  d7972a48974b7b00f7a0b0866107690a04b65a26
- SHA256
  
  d7433ec981297919971fcf1e7017b9d8169a787a2f24aa2c31f08500ee510057
- SHA512
  
  1d61cb1b95556f7e9cb7ece2e5b4616b38769c0b1ef09751f2797e943a5c0befcd752a5cecf302399248dfa6ed4b065dce33c563b2b73e4e63f830c2fc941665
- SSDEEP
  
  6144:wBFXjwC6hJTY7Vy41qmntOc25C/+O9aAE48EBrz4o1T4K+oRlPNUaAYJl/fO9ks:CRz6hG7VTxQr4DLnRlP6qr
Score

10^/10

formbook ktz rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2