formbook

General

Target

96deb2b04135c0b3d7f7ad059870a3fb2e8aebcf8c260df81f507d8fbe71fb5c.exe
Size

619KB
Sample

240223-f1dchsbg2y
MD5

505a7bbd2a5d99eec94ce25041edbb56
SHA1

f606ddb96230530ccf07aa12b3ff0532e26272c4
SHA256

96deb2b04135c0b3d7f7ad059870a3fb2e8aebcf8c260df81f507d8fbe71fb5c
SHA512

09a932ee81673f6663ab3354793a062ba58823146dc2db7149cb72e687b692327763797f5046af260b8b5ef9f3345ed2e2d1331f5100354cdb63c26a9cf553a5
SSDEEP

12288:r85Ujd53LlvtekDu/JLW0WX1ZuiSFYHFKRC8677FOBM679:r0KXlSRWlXPuihFKRC/77F2M6p

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ki21

Decoy

nikonz9.com

piazzadelcondominio.cloud

stylistandcojewelry.com

watchingmovie79.store

dontpanic.solutions

cy888.xyz

pediatricdentalassoc.com

mg2selot7.us

gotireja.com

valdez.cloud

burgoontowing.top

void89.site

yoicok.online

rjinfo.xyz

omgwin7.online

pineislandhouseforsale.com

squidgamehalf.com

cpphgroup.com

kitahoki.pro

greenfieldnetworkinvest.com

Targets

- Target
  
  96deb2b04135c0b3d7f7ad059870a3fb2e8aebcf8c260df81f507d8fbe71fb5c.exe
- Size
  
  619KB
- MD5
  
  505a7bbd2a5d99eec94ce25041edbb56
- SHA1
  
  f606ddb96230530ccf07aa12b3ff0532e26272c4
- SHA256
  
  96deb2b04135c0b3d7f7ad059870a3fb2e8aebcf8c260df81f507d8fbe71fb5c
- SHA512
  
  09a932ee81673f6663ab3354793a062ba58823146dc2db7149cb72e687b692327763797f5046af260b8b5ef9f3345ed2e2d1331f5100354cdb63c26a9cf553a5
- SSDEEP
  
  12288:r85Ujd53LlvtekDu/JLW0WX1ZuiSFYHFKRC8677FOBM679:r0KXlSRWlXPuihFKRC/77F2M6p
Score

10^/10

formbook ki21 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2