formbook

General

Target

ödeme formu_0001.exe
Size

263KB
Sample

230316-twddlsbg66
MD5

6ba6a3976c46e385615ede0c7584aee3
SHA1

0e9a3ee2ac21bda49a03da78a914a01a7b8f9db6
SHA256

ffc7eef1092b78448529aa79724d73c5babc66fbc440d767b0c46d9037b40ba0
SHA512

6b118a1188fe5300c00009d81a4cf399d32dac43bafae4da76bbecefd4c8ee8a601f7504220621931ff06a398e9680eef11414ec15487d7cca93562861af2445
SSDEEP

6144:vYa6j7KXS9WnHtBBNelQNnxOf2JKeG71gOMTu8mAjJDrmQDF7:vYxGXSaBBNelInxc2JnG71aqE1rmQD1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k04s

Decoy

draanabellrojas.com

in03.one

kyraloves.co.uk

laluma.store

londoncell.com

kanurikibueadvocates.com

buyeasynow.net

escapefromtarkov-wiki.com

crewint.net

f-b.boats

beautyaidstudio.com

ashfieldconsultancy.uk

dlogsadood.com

ftgam.xyz

constantinopanama.com

yellowpocket.africa

konyil.com

easomobility.com

1135wickloecourt.com

indexb2b.com

Targets

- Target
  
  ödeme formu_0001.exe
- Size
  
  263KB
- MD5
  
  6ba6a3976c46e385615ede0c7584aee3
- SHA1
  
  0e9a3ee2ac21bda49a03da78a914a01a7b8f9db6
- SHA256
  
  ffc7eef1092b78448529aa79724d73c5babc66fbc440d767b0c46d9037b40ba0
- SHA512
  
  6b118a1188fe5300c00009d81a4cf399d32dac43bafae4da76bbecefd4c8ee8a601f7504220621931ff06a398e9680eef11414ec15487d7cca93562861af2445
- SSDEEP
  
  6144:vYa6j7KXS9WnHtBBNelQNnxOf2JKeG71gOMTu8mAjJDrmQDF7:vYxGXSaBBNelInxc2JnG71aqE1rmQD1
Score

10^/10

formbook k04s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2