formbook

General

Target

01eeb7e57977c8d8d2edf9092e0fa57c0574676d71478949ad38cf6fdc902e4a
Size

861KB
Sample

240919-nmvcwawhkm
MD5

817d252f2d4fe474e5de926d4d7767e2
SHA1

ab17aa1c24786d2a18a8741c2f818a11b4f36495
SHA256

01eeb7e57977c8d8d2edf9092e0fa57c0574676d71478949ad38cf6fdc902e4a
SHA512

4b7472a1717bd6d54d5fcf56d9f4a8951f7413a866838ed39b7092724f6fc59feb456a62dc449fb7cff0e7edc3fd293e1b1da00525a5d3f3ec6cb862eddd8a15
SSDEEP

24576:2su//xu5csZrHiF0WfKqkgpxlfM8xmNnwQpAn:o//xUcsRHq0yk0xxxm5An

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k94g

Decoy

nstandgoz.xyz

dhd-treatment-37310.bond

13s-braces-us-ze.fun

umdona.shop

96ph803ql.bond

kka9max.net

corporate-10.xyz

edicalassistance869840.online

lobalresources-bh.xyz

3145978.xyz

ovdaawebsite.online

etting-thailand.net

icloud.xyz

poxk.shop

25ks-ls72510.cyou

women.info

iwyrfbfvhv9.asia

luratu.xyz

ffordable-power-charger.today

edanuryilmaz.xyz

Targets

- Target
  
  Payment Advice $8000.pdf.exe
- Size
  
  1.1MB
- MD5
  
  853411ef6f70669a8333b503c2709c15
- SHA1
  
  da98ef73c0f864862a93482ce19f86ceff91ac1b
- SHA256
  
  6a1ff3a9d7b6cbba06c46cbe04433eacbffb7f62d20bdcb38ad7d50fc6d6fab6
- SHA512
  
  e9863dfe2b40f8284843c725161b5c0f63fd3559a4fe69398deb3e4d1a87e9fa9d121e63ea1787151d703ee1f87fb202b8fd3fd5ae68e70556240a676033b4ea
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCErHiF0WHKgUytHxfMuxANhAQpAu:7JZoQrbTFZY1iaCyHq0eUoHRxAXAu
Score

10^/10

formbook k94g discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2