Overview

overview

10

Static

static

kayx.exe

windows7_x64

10

kayx.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    kayx.exe

  • Size

    563KB

  • Sample

    210430-6tswfy43x6

  • MD5

    129e1d37b93430b4bd894b16c53cd6bc

  • SHA1

    9ce52826f988b0702ad49e9b1da94f8e3d044c9b

  • SHA256

    28e0affe70d48a6c6fe89b76dc56c59f93521a4b606dbb6fff60a84d382e9ceb

  • SHA512

    9639f5982cc0f2a56c8806a56309aa2daf6960d3a1c9bbd0e478198efd51ed425cedbd8f82a6fbe53cb80914f0b3d1ba8f6fd2c9b319b64452dae4937858edd5

Score
10/10
formbookagilenetratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.semenovdmitriik.club/bwk/

Decoy

alexrabus.com

education618.com

nelivo.com

gosanispire.com

cdaboozecruise.com

lovenfys.com

wellsleyarts.com

madcord.net

aadiventura.com

prideglobalholdings.com

tu-aviso.com

rjroof.com

upthehilldogwalking.com

ultraletefit.com

opinetree.com

retiredalsolovingit.com

oculensweb.com

laurartproductions.com

uncontenido.com

elisabethchin.com

Targets

    • Target

      kayx.exe

    • Size

      563KB

    • MD5

      129e1d37b93430b4bd894b16c53cd6bc

    • SHA1

      9ce52826f988b0702ad49e9b1da94f8e3d044c9b

    • SHA256

      28e0affe70d48a6c6fe89b76dc56c59f93521a4b606dbb6fff60a84d382e9ceb

    • SHA512

      9639f5982cc0f2a56c8806a56309aa2daf6960d3a1c9bbd0e478198efd51ed425cedbd8f82a6fbe53cb80914f0b3d1ba8f6fd2c9b319b64452dae4937858edd5

    Score
    10/10
    formbookagilenetratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks