formbook

General

Target

bb367436118b3298affddea50440ac12_JaffaCakes118
Size

1.4MB
Sample

241203-cfmtnsznbl
MD5

bb367436118b3298affddea50440ac12
SHA1

b2b8d261784991e3c14c6577447362cb6d72634c
SHA256

37f6df44b9dd38408fe5682c6d660eceb04a2915b3420576afce05bf3076bc01
SHA512

f3549647a3e17bf9ca84e67e40311c3906e9b822f25567a434f8ae7ef737d0a10057ff5812fb293f4d2375b1da15b14458b33c3bcff92eb3599512757c1d638d
SSDEEP

12288:3JdXpDQCEm+SSboh6Htaw0gjLozE+LiBUVtfX/KT2fX1k/HmUVpGF9EVxlm:3JDBCh82j0zE+LiIKT2fX1vOm

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kzk9

Decoy

tianconghuo.club

1996-page.com

ourtownmax.net

conservativetreehose.com

synth.repair

donnachicacreperia.com

tentfull.com

weapp.download

surfersink.com

gattlebusinessservices.com

sebastian249.com

anhphuc.company

betternatureproducts.net

defroplate.com

seattlesquidsquad.com

polarjob.com

lendingadvantage.com

angelsondope.com

goportjitney.com

tiendagrupojagr.com

Targets

- Target
  
  bb367436118b3298affddea50440ac12_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  bb367436118b3298affddea50440ac12
- SHA1
  
  b2b8d261784991e3c14c6577447362cb6d72634c
- SHA256
  
  37f6df44b9dd38408fe5682c6d660eceb04a2915b3420576afce05bf3076bc01
- SHA512
  
  f3549647a3e17bf9ca84e67e40311c3906e9b822f25567a434f8ae7ef737d0a10057ff5812fb293f4d2375b1da15b14458b33c3bcff92eb3599512757c1d638d
- SSDEEP
  
  12288:3JdXpDQCEm+SSboh6Htaw0gjLozE+LiBUVtfX/KT2fX1k/HmUVpGF9EVxlm:3JDBCh82j0zE+LiIKT2fX1vOm
Score

10^/10

formbook kzk9 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2