formbook

General

Target

21a34d80499260fcf691ed16c83da9f3a9d14a7e2299d73d7976112230a98e5a.exe
Size

627KB
Sample

240213-c9c7bsdf55
MD5

e7a029f25a89befb7b3add26cabdaa9b
SHA1

3a164584b8fde06639ce6d051ebe7ae5544cf943
SHA256

21a34d80499260fcf691ed16c83da9f3a9d14a7e2299d73d7976112230a98e5a
SHA512

93e81674f2280f52730772f29c7cc987f0ead26226ce7ba69804f4ffa8c594d10b95a2d7d013d3c653280ba96f89bed97559aec517e91104f4b0b73926133eb0
SSDEEP

12288:wXEzqHKMbNhOdU0KaRD2RIy381JnoewVVaViCNblc1TkiqgX5LRN2s8I8:w0z87bPaRDHJxwVsVvNblYIUtF

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ki21

Decoy

nikonz9.com

piazzadelcondominio.cloud

stylistandcojewelry.com

watchingmovie79.store

dontpanic.solutions

cy888.xyz

pediatricdentalassoc.com

mg2selot7.us

gotireja.com

valdez.cloud

burgoontowing.top

void89.site

yoicok.online

rjinfo.xyz

omgwin7.online

pineislandhouseforsale.com

squidgamehalf.com

cpphgroup.com

kitahoki.pro

greenfieldnetworkinvest.com

Targets

- Target
  
  21a34d80499260fcf691ed16c83da9f3a9d14a7e2299d73d7976112230a98e5a.exe
- Size
  
  627KB
- MD5
  
  e7a029f25a89befb7b3add26cabdaa9b
- SHA1
  
  3a164584b8fde06639ce6d051ebe7ae5544cf943
- SHA256
  
  21a34d80499260fcf691ed16c83da9f3a9d14a7e2299d73d7976112230a98e5a
- SHA512
  
  93e81674f2280f52730772f29c7cc987f0ead26226ce7ba69804f4ffa8c594d10b95a2d7d013d3c653280ba96f89bed97559aec517e91104f4b0b73926133eb0
- SSDEEP
  
  12288:wXEzqHKMbNhOdU0KaRD2RIy381JnoewVVaViCNblc1TkiqgX5LRN2s8I8:w0z87bPaRDHJxwVsVvNblYIUtF
Score

10^/10

formbook ki21 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2