formbook

General

Target

967396721b19a1575c5df9e816bfaf6b
Size

313KB
Sample

230323-ccbx1ach32
MD5

967396721b19a1575c5df9e816bfaf6b
SHA1

82b058ff775c7530446c26f3b9aa21d615033dfc
SHA256

21d9202edf6777535543c0de3924fafa28423c68ff95c5ad9b0ce823736c846b
SHA512

06b535378e0d490f179a5de1e8239aaaf40e0d7a68661f4c40e83938a98541f8b1c14aad0cbac7ef5d5e66b06ebf32e37d05ab3c36ed0e091b6f4aa50ebbe99e
SSDEEP

6144:AYa6KH1cFEoDih8U46wz5124V9yj7Bg9RCFKrXPu3BAB3n8Tz:AYcH2FE5/46wH24fy/URCFKKnX

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ko14

Decoy

bluehorizonnirvana.com

itweakrd.com

actionouverytri.com

kayseriplise.com

garciaguardadopainting.com

b5qmu.xyz

albrava.com

50percentsweet.com

artyshop.boutique

6563youhui.com

beant-consulting.com

imtokonapp.shop

web28tech.africa

enriquezcleaningservice.shop

domainnameindustrybriefs.com

lose.cyou

elandtoyar.com

ke3yjs5tri.one

iliaso.com

amqp.xyz

Targets

- Target
  
  967396721b19a1575c5df9e816bfaf6b
- Size
  
  313KB
- MD5
  
  967396721b19a1575c5df9e816bfaf6b
- SHA1
  
  82b058ff775c7530446c26f3b9aa21d615033dfc
- SHA256
  
  21d9202edf6777535543c0de3924fafa28423c68ff95c5ad9b0ce823736c846b
- SHA512
  
  06b535378e0d490f179a5de1e8239aaaf40e0d7a68661f4c40e83938a98541f8b1c14aad0cbac7ef5d5e66b06ebf32e37d05ab3c36ed0e091b6f4aa50ebbe99e
- SSDEEP
  
  6144:AYa6KH1cFEoDih8U46wz5124V9yj7Bg9RCFKrXPu3BAB3n8Tz:AYcH2FE5/46wH24fy/URCFKKnX
Score

10^/10

formbook ko14 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2