formbook | 81706e1f6262ba7a58ae21da9cc923875e013db27a44f8bf5f944a0f635beb0f | Triage

Sharing

General

Target

JaffaCakes118_81706e1f6262ba7a58ae21da9cc923875e013db27a44f8bf5f944a0f635beb0f
Size

1011KB
Sample

241222-lx6gsatpcr
MD5

be4af5c66afed52b9be03a605604a530
SHA1

3a25001eac0e6cb63790d96540007e40ecc29424
SHA256

81706e1f6262ba7a58ae21da9cc923875e013db27a44f8bf5f944a0f635beb0f
SHA512

d79ca976fab4357a9e5d98bd8575fda19771732d7ca8e9badf8080180bd923bc2b8a270b327e418f06bb2f8c7e0dac319d6f26c4e0839967ac9f2079cdd426f3
SSDEEP

24576:AzBKQ3kDua3adWdSFr2BntMYcRWYSz3B3DBkbw3uz1D9foo:Azz3kDukA2rwRazx3DBMw+z1D9foo

Score

10^/10

formbook kz21 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kz21

Decoy

affordableshopper.com

federalpensioneducation.com

nguyenphuc.xyz

tbryantnotarysvcs.com

satgerv.online

yis.xyz

sailing-dreams.online

saairconditioners.com

compassioncommunity.net

vickyrubs.com

uniqueprorental.com

xplus-main.xyz

beforetravelthai.com

mentaltrainer.net

bianko.xyz

postsandnews.com

stream-king.com

citizen.guide

lasuiterennes.com

elektroexpress24.com

Targets

- Target
  
  PO 211210-02B.exe
- Size
  
  1.0MB
- MD5
  
  4064e9b07c90788942f5d4ca84fe93dd
- SHA1
  
  9e7b93ea418d60a11d191a9d0a368d2880c2abb0
- SHA256
  
  98318bf03a710984e1eaa61e8fe1ceb1f78cefb0de3ee8168dff8e4b144d6b42
- SHA512
  
  067eb0ffeff7d61c3bf5b1cb8f28df9432f564d055b4a730573b37ce51aaaff9766b00aec072e3177b730ff3a4dbe635b1964fbb0667c713ec5a0e6c88a65f8e
- SSDEEP
  
  24576:qlEGxQTnyni55j63p5zpKeZJ6wprm0W7nNM5VtcYTPy0AiQmywV7Nt+bSp/l:qpxayniu3/tKeZZpr/W7wBTPHRQBYBtX
Score

10^/10

formbook kz21 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookkz21discoveryratspywarestealertrojan

behavioral2

formbookkz21discoveryratspywarestealertrojan