formbook | d9d91e187b55cc521e8d3c79ac49d8bdd771a5626c2d39a7d788c97234248a19 | Triage

Sharing

General

Target

d9d91e187b55cc521e8d3c79ac49d8bdd771a5626c2d39a7d788c97234248a19
Size

906KB
Sample

221130-tzx77afg33
MD5

3dfdc72a69e464e2fe5a9dc15d0f872c
SHA1

9cdb47a1b52762d9a94be067d0542c1e1fb7ee91
SHA256

d9d91e187b55cc521e8d3c79ac49d8bdd771a5626c2d39a7d788c97234248a19
SHA512

d7567c0a206fdbc0776632b7d675ad9079a75160296848b20de04f39ff472129603f818129b48a3e76e7bd57a141dfec215eb77bba530102e1c247f75f003f4f
SSDEEP

12288:23RDRcAqZi970Oz6hGEM7CT3GddRdiKityWfxdXbeASgn16Nf5/ltloLtt1eWYLK:3Z3sS2Pi7X3d6f59G

Score

10^/10

formbook 2kf rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

2kf

Decoy

edmondscakes.com

doublewldr.online

tickets2usa.com

heyhxry.com

weightloss-gulfport.com

prosselius.com

newviewroofers.com

jacksonarearealestate.com

catparkas.xyz

pagos2020.com

sonwsefjrahi.online

franchisethings.com

nuocvietngaynay.com

sohelvai.com

mikeyroush.com

lamesaroofing.com

betbigo138.com

amazon-service-recovery.com

clockin.net

riostrader.com

Targets

- Target
  
  d9d91e187b55cc521e8d3c79ac49d8bdd771a5626c2d39a7d788c97234248a19
- Size
  
  906KB
- MD5
  
  3dfdc72a69e464e2fe5a9dc15d0f872c
- SHA1
  
  9cdb47a1b52762d9a94be067d0542c1e1fb7ee91
- SHA256
  
  d9d91e187b55cc521e8d3c79ac49d8bdd771a5626c2d39a7d788c97234248a19
- SHA512
  
  d7567c0a206fdbc0776632b7d675ad9079a75160296848b20de04f39ff472129603f818129b48a3e76e7bd57a141dfec215eb77bba530102e1c247f75f003f4f
- SSDEEP
  
  12288:23RDRcAqZi970Oz6hGEM7CT3GddRdiKityWfxdXbeASgn16Nf5/ltloLtt1eWYLK:3Z3sS2Pi7X3d6f59G
Score

10^/10

formbook 2kf rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbook2kfratspywarestealertrojan

behavioral2