formbook | ad41a04ef12da71ec7d49efb54d360abf1e39c682289a6e597c39480bff7fc58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b72a1cda4be59c214ffd32fe8cd3394
Size

1.3MB
Sample

231230-vevf8schb7
MD5

0b72a1cda4be59c214ffd32fe8cd3394
SHA1

8f07f52d05bbb3913488d4f3920b0e1059df1691
SHA256

ad41a04ef12da71ec7d49efb54d360abf1e39c682289a6e597c39480bff7fc58
SHA512

bba4606c24a101d7da8b567a77d97f75cd1ad8991a06724b1200d0de1030c143d5240db0772c2d722cdf595472610fd9e616c20dd03e11a53ca13d5628743406
SSDEEP

24576:GoJP/it6llfiCiq0Af9O2dUO0JKTbWQmWs89UrmMnfk/iQ2+S0dBh:GoJHiE7iDwlAKTbUWsaU9fk/Pj

Score

10^/10

formbook k4n7 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k4n7

Decoy

amrypromi.com

12acacia.com

saritsnyder.com

j-creations.net

bestpricesmartmoversllc.com

elektronomia.com

teznevisan.com

babycarrierscore.com

keysinvestmentsgroup.com

beadsxdre.com

cnibusiness.support

qsigcxmol.icu

newzfarm.com

smokvapor.com

virtualkriskringle.com

roundonavan.com

treatmentforasthma.com

wowexport.online

lesbisim.com

namefinest.com

Targets

- Target
  
  0b72a1cda4be59c214ffd32fe8cd3394
- Size
  
  1.3MB
- MD5
  
  0b72a1cda4be59c214ffd32fe8cd3394
- SHA1
  
  8f07f52d05bbb3913488d4f3920b0e1059df1691
- SHA256
  
  ad41a04ef12da71ec7d49efb54d360abf1e39c682289a6e597c39480bff7fc58
- SHA512
  
  bba4606c24a101d7da8b567a77d97f75cd1ad8991a06724b1200d0de1030c143d5240db0772c2d722cdf595472610fd9e616c20dd03e11a53ca13d5628743406
- SSDEEP
  
  24576:GoJP/it6llfiCiq0Af9O2dUO0JKTbWQmWs89UrmMnfk/iQ2+S0dBh:GoJHiE7iDwlAKTbUWsaU9fk/Pj
Score

10^/10

formbook k4n7 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookk4n7ratspywarestealertrojan

behavioral2

formbookk4n7ratspywarestealertrojan