formbook

General

Target

b19143d7e738e319d499fad66a36356d
Size

894KB
Sample

240304-jf1h4aeb36
MD5

b19143d7e738e319d499fad66a36356d
SHA1

99688c6d9c0d10adc771320f6d6bee5aee80daa8
SHA256

29df0bb962a305621b5f1d2a5cf0eaeae9381872e2a329230e833e6db7c999fa
SHA512

1b88faad56c95a019e8586650cab752ebd4f2dc35f34123a9d9c2dbe158728efdb032358d35dbad806a1e39603cdaf3bda51708d2e3c7b0dcd60ded45c3e3711
SSDEEP

12288:17amkeHReB2nHEHK7zufkGe95AXcv6uh9qxeygKo2p4b9OX3mnOgSANx3YNL:1t7pyfkGe95o293b2mUXYyANx3YNL

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kzk9

Decoy

tianconghuo.club

1996-page.com

ourtownmax.net

conservativetreehose.com

synth.repair

donnachicacreperia.com

tentfull.com

weapp.download

surfersink.com

gattlebusinessservices.com

sebastian249.com

anhphuc.company

betternatureproducts.net

defroplate.com

seattlesquidsquad.com

polarjob.com

lendingadvantage.com

angelsondope.com

goportjitney.com

tiendagrupojagr.com

Targets

- Target
  
  b19143d7e738e319d499fad66a36356d
- Size
  
  894KB
- MD5
  
  b19143d7e738e319d499fad66a36356d
- SHA1
  
  99688c6d9c0d10adc771320f6d6bee5aee80daa8
- SHA256
  
  29df0bb962a305621b5f1d2a5cf0eaeae9381872e2a329230e833e6db7c999fa
- SHA512
  
  1b88faad56c95a019e8586650cab752ebd4f2dc35f34123a9d9c2dbe158728efdb032358d35dbad806a1e39603cdaf3bda51708d2e3c7b0dcd60ded45c3e3711
- SSDEEP
  
  12288:17amkeHReB2nHEHK7zufkGe95AXcv6uh9qxeygKo2p4b9OX3mnOgSANx3YNL:1t7pyfkGe95o293b2mUXYyANx3YNL
Score

10^/10

formbook kzk9 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2