formbook

General

Target

038159.zip
Size

239KB
Sample

211012-qjdl3acdf2
MD5

f6d83fbf014a5691b35cfe80401ea6cb
SHA1

47b40e2d2ec4f38faf97d94ebb481cabb17c908f
SHA256

4873fc7cab19439ccbc5cfffcc818ed55cd682cd5475889c7062476a877438ce
SHA512

66564b36c4fe5eecc029248bac207e017b7dc04a2453c0e87db16c6dd3fd1577661bc0b5eeadc9abb7a911d811b3af01a295e9f26edc4b1c97ecb24f7b95c757

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w6ya

C2

http://www.truth-capturemachine.com/w6ya/

Decoy

auden-audio.com

zombieodyssey.com

hdpthg.com

toddtechnical.com

njsdgz.com

yieldfarm.world

guardsveirfynews.net

atmamandir.info

eskisehirtostcusu.online

arrozz.net

v99king.win

jaxonboxing.com

morganevans.net

syandeg.com

valleyofplants.com

corsosportorico.com

tak.support

blacktgpc.com

herdpetshop.com

iifkvhns.xyz

Targets

- Target
  
  038159.exe
- Size
  
  251KB
- MD5
  
  f89aeda946171325b3cc41db4e0c7356
- SHA1
  
  83da10df168a7801bef8257fcbdc23bf18f0d15c
- SHA256
  
  5beadd0ecc9f1407dab89746630fddf7362dd00323e6a5e5413a0c286e2ee583
- SHA512
  
  229332eb6bec4208a2eb9055237ee5ac83a9da577ce04f2a0a9bad2c6c113b815ff60876d265f344d10d36d20da3bb4444ef2c8896fe9dc6005bac73a3c902ab
Score

10^/10

formbook w6ya rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2