formbook

General

Target

SecuriteInfo.com.W32.AutoIt.AQ.gen.Eldorado.22424.9102.exe
Size

1.1MB
Sample

240919-f25s6asfpf
MD5

853411ef6f70669a8333b503c2709c15
SHA1

da98ef73c0f864862a93482ce19f86ceff91ac1b
SHA256

6a1ff3a9d7b6cbba06c46cbe04433eacbffb7f62d20bdcb38ad7d50fc6d6fab6
SHA512

e9863dfe2b40f8284843c725161b5c0f63fd3559a4fe69398deb3e4d1a87e9fa9d121e63ea1787151d703ee1f87fb202b8fd3fd5ae68e70556240a676033b4ea
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaCErHiF0WHKgUytHxfMuxANhAQpAu:7JZoQrbTFZY1iaCyHq0eUoHRxAXAu

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k94g

Decoy

nstandgoz.xyz

dhd-treatment-37310.bond

13s-braces-us-ze.fun

umdona.shop

96ph803ql.bond

kka9max.net

corporate-10.xyz

edicalassistance869840.online

lobalresources-bh.xyz

3145978.xyz

ovdaawebsite.online

etting-thailand.net

icloud.xyz

poxk.shop

25ks-ls72510.cyou

women.info

iwyrfbfvhv9.asia

luratu.xyz

ffordable-power-charger.today

edanuryilmaz.xyz

Targets

- Target
  
  SecuriteInfo.com.W32.AutoIt.AQ.gen.Eldorado.22424.9102.exe
- Size
  
  1.1MB
- MD5
  
  853411ef6f70669a8333b503c2709c15
- SHA1
  
  da98ef73c0f864862a93482ce19f86ceff91ac1b
- SHA256
  
  6a1ff3a9d7b6cbba06c46cbe04433eacbffb7f62d20bdcb38ad7d50fc6d6fab6
- SHA512
  
  e9863dfe2b40f8284843c725161b5c0f63fd3559a4fe69398deb3e4d1a87e9fa9d121e63ea1787151d703ee1f87fb202b8fd3fd5ae68e70556240a676033b4ea
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCErHiF0WHKgUytHxfMuxANhAQpAu:7JZoQrbTFZY1iaCyHq0eUoHRxAXAu
Score

10^/10

discovery formbook k94g rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2