formbook

General

Target

swift.exe
Size

293KB
Sample

230215-n46ggabf33
MD5

b63f00f4bbecd14217d4d9de887ff832
SHA1

3848bd9a52433f94bb77b41e77620323b3faa0e0
SHA256

3af2c0904f3729e0408f6479f4222d5fbcf695f2b5cd32e8737e8690661bb18b
SHA512

73f703796d982e1f32264cd488add845b4c71cb7ab108be116d450c6e94d771f7b40254e4963e9c9190c42eb9b7865dc66ec334f96d9aa68a8d95b190baa66c9
SSDEEP

6144:vYa6N0CqudwpubkE5cYtAqStGC3BjAsnlE7wbWs6tV1w2HIN58Zj:vYv1q0bLOYtAqSZBjxnlEMqs6v258F

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k04s

Decoy

draanabellrojas.com

in03.one

kyraloves.co.uk

laluma.store

londoncell.com

kanurikibueadvocates.com

buyeasynow.net

escapefromtarkov-wiki.com

crewint.net

f-b.boats

beautyaidstudio.com

ashfieldconsultancy.uk

dlogsadood.com

ftgam.xyz

constantinopanama.com

yellowpocket.africa

konyil.com

easomobility.com

1135wickloecourt.com

indexb2b.com

Targets

- Target
  
  swift.exe
- Size
  
  293KB
- MD5
  
  b63f00f4bbecd14217d4d9de887ff832
- SHA1
  
  3848bd9a52433f94bb77b41e77620323b3faa0e0
- SHA256
  
  3af2c0904f3729e0408f6479f4222d5fbcf695f2b5cd32e8737e8690661bb18b
- SHA512
  
  73f703796d982e1f32264cd488add845b4c71cb7ab108be116d450c6e94d771f7b40254e4963e9c9190c42eb9b7865dc66ec334f96d9aa68a8d95b190baa66c9
- SSDEEP
  
  6144:vYa6N0CqudwpubkE5cYtAqStGC3BjAsnlE7wbWs6tV1w2HIN58Zj:vYv1q0bLOYtAqSZBjxnlEMqs6v258F
Score

10^/10

formbook k04s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2