formbook

General

Target

0f356ec01936c3fc641acb21605d163198e1176a78f88356f572bce8573dc5e3.zip
Size

266KB
Sample

230321-qq2x8saf25
MD5

effcc807452fb08ce698699261770d44
SHA1

e5b985bd7390973ecf2102045d0d91196db759d9
SHA256

bbbc5cc02d3cc04c96e7410a74eb852a471c4607f2d744e4403d3df309bf2650
SHA512

7ce055a91eee7a249ca5fb23cfef9257ce8ae3b1bec29ab8d30064f4f9ee5d5f13784ae72ed7cf64acc3f7b73ee587bf2899db816f00ddd3df80e9d07a4ad182
SSDEEP

6144:0mqu8a544faUN/HO2Qgu7QKqq1X6gW62BI33zOwxVnGHCKyYW:0Na5LfaUN257Bqq1qgZ2By3SwxBGXJW

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k04s

Decoy

draanabellrojas.com

in03.one

kyraloves.co.uk

laluma.store

londoncell.com

kanurikibueadvocates.com

buyeasynow.net

escapefromtarkov-wiki.com

crewint.net

f-b.boats

beautyaidstudio.com

ashfieldconsultancy.uk

dlogsadood.com

ftgam.xyz

constantinopanama.com

yellowpocket.africa

konyil.com

easomobility.com

1135wickloecourt.com

indexb2b.com

Targets

- Target
  
  0f356ec01936c3fc641acb21605d163198e1176a78f88356f572bce8573dc5e3.exe
- Size
  
  280KB
- MD5
  
  8153a2e7f9caf30f24e796a13797cacc
- SHA1
  
  c7364c49a17e98ea406650507de21f01eca6e954
- SHA256
  
  0f356ec01936c3fc641acb21605d163198e1176a78f88356f572bce8573dc5e3
- SHA512
  
  651dadc58adc27ee5310576df4d92878c6f95eb4c5ad72659fd01c789a800ba5aa503be378e5f85685a7b1f5d7c18f07bc153c840322986d9aa638adb76bde00
- SSDEEP
  
  6144:vYa6/R1eJ3wqRfASXw2x38QMy5ngizaBpAz0XPZs0wyYScC+1tyw:vYtsgqRLXZ8QMy5n+BO0XPZTwHScC7w
Score

10^/10

formbook k04s rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2