formbook | 18b8be474d7df6098362d403cd7b300ba947b149d745fc316bf90756a4877bbe | Triage

Sharing

General

Target

18b8be474d7df6098362d403cd7b300ba947b149d745fc316bf90756a4877bbeN
Size

1.5MB
Sample

240921-tf2fha1dpm
MD5

b940de1def8474541f887b550be00380
SHA1

8758f6edbf3c1f83b92300c9c8536f4989d53eeb
SHA256

18b8be474d7df6098362d403cd7b300ba947b149d745fc316bf90756a4877bbe
SHA512

259c6abcdaf385cdc6107bda2bb01a7b4fc9729650ed2b91365ea666cb09c91e8fe54397a2c53237db11f7d02b1893553dbf23c1cbebaa4c3c17267537d44004
SSDEEP

24576:JqDEvCTbMWu7rQYlBQcBiT6rprG8aT56HnRFAeI8rZNQVnjBRDI8k:JTvC/MTQYxsWR7aT5KFZNQVP

Score

10^/10

formbook k94g discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k94g

Decoy

nstandgoz.xyz

dhd-treatment-37310.bond

13s-braces-us-ze.fun

umdona.shop

96ph803ql.bond

kka9max.net

corporate-10.xyz

edicalassistance869840.online

lobalresources-bh.xyz

3145978.xyz

ovdaawebsite.online

etting-thailand.net

icloud.xyz

poxk.shop

25ks-ls72510.cyou

women.info

iwyrfbfvhv9.asia

luratu.xyz

ffordable-power-charger.today

edanuryilmaz.xyz

Targets

- Target
  
  18b8be474d7df6098362d403cd7b300ba947b149d745fc316bf90756a4877bbeN
- Size
  
  1.5MB
- MD5
  
  b940de1def8474541f887b550be00380
- SHA1
  
  8758f6edbf3c1f83b92300c9c8536f4989d53eeb
- SHA256
  
  18b8be474d7df6098362d403cd7b300ba947b149d745fc316bf90756a4877bbe
- SHA512
  
  259c6abcdaf385cdc6107bda2bb01a7b4fc9729650ed2b91365ea666cb09c91e8fe54397a2c53237db11f7d02b1893553dbf23c1cbebaa4c3c17267537d44004
- SSDEEP
  
  24576:JqDEvCTbMWu7rQYlBQcBiT6rprG8aT56HnRFAeI8rZNQVnjBRDI8k:JTvC/MTQYxsWR7aT5KFZNQVP
Score

10^/10

formbook k94g discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookk94gdiscoveryratspywarestealertrojan

behavioral2

formbookk94gdiscoveryratspywarestealertrojan