formbook

General

Target

18c262c08dce6a59267af49ac575ddd996ebd7b1d8bcfb31cff9f9f9814cfd91.exe
Size

1.1MB
Sample

240920-qa2brsyalk
MD5

a49be3b0ef3f7e35bfe33d328267e29d
SHA1

a63ae2c4a8e49a762439613492515592a28ecc0f
SHA256

18c262c08dce6a59267af49ac575ddd996ebd7b1d8bcfb31cff9f9f9814cfd91
SHA512

9ba71fc6120dad3714c6db25c8efccd129059c4ee70cf89e8664ec13c92dfeb259bd8d591ac75618d221f29cd25ab8cb669a01be65a78df6d7f4f8761194b2d6
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaCbGV3eX2lsEO6qo:7JZoQrbTFZY1iaCS8X2Beo

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k94g

Decoy

nstandgoz.xyz

dhd-treatment-37310.bond

13s-braces-us-ze.fun

umdona.shop

96ph803ql.bond

kka9max.net

corporate-10.xyz

edicalassistance869840.online

lobalresources-bh.xyz

3145978.xyz

ovdaawebsite.online

etting-thailand.net

icloud.xyz

poxk.shop

25ks-ls72510.cyou

women.info

iwyrfbfvhv9.asia

luratu.xyz

ffordable-power-charger.today

edanuryilmaz.xyz

Targets

- Target
  
  18c262c08dce6a59267af49ac575ddd996ebd7b1d8bcfb31cff9f9f9814cfd91.exe
- Size
  
  1.1MB
- MD5
  
  a49be3b0ef3f7e35bfe33d328267e29d
- SHA1
  
  a63ae2c4a8e49a762439613492515592a28ecc0f
- SHA256
  
  18c262c08dce6a59267af49ac575ddd996ebd7b1d8bcfb31cff9f9f9814cfd91
- SHA512
  
  9ba71fc6120dad3714c6db25c8efccd129059c4ee70cf89e8664ec13c92dfeb259bd8d591ac75618d221f29cd25ab8cb669a01be65a78df6d7f4f8761194b2d6
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCbGV3eX2lsEO6qo:7JZoQrbTFZY1iaCS8X2Beo
Score

10^/10

formbook k94g discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2