formbook

General

Target

611241.zip
Size

240KB
Sample

211015-wkpnlsbca2
MD5

33ad14736598e35aef0abf7399361f65
SHA1

3fbebfc5cbe093bf22648b527fa10d8a48808094
SHA256

beda9d96a4b8f3e2ef15eaaee301e3c55ca579e3fb9044e5f580f3fb189b39c1
SHA512

fa53e970ec9470bf2a1b0fd5e17432af36e24e4436bfb3684d3b7890a8143b192d6bc29127c2f2f4d03eb8505cab7cd2db22a0bcce3b6d4f71e561f00e4647d0

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w6ya

C2

http://www.truth-capturemachine.com/w6ya/

Decoy

auden-audio.com

zombieodyssey.com

hdpthg.com

toddtechnical.com

njsdgz.com

yieldfarm.world

guardsveirfynews.net

atmamandir.info

eskisehirtostcusu.online

arrozz.net

v99king.win

jaxonboxing.com

morganevans.net

syandeg.com

valleyofplants.com

corsosportorico.com

tak.support

blacktgpc.com

herdpetshop.com

iifkvhns.xyz

Targets

- Target
  
  611241.exe
- Size
  
  252KB
- MD5
  
  492855c0720ae91f1829f169416ec8f0
- SHA1
  
  6f48a4c265203ddb73c285cc1fd6214b393e1f3f
- SHA256
  
  d3520e70ee03f0daa0cd5bdb69502d0e9cdbda240c683290c6f82795a66ba5cd
- SHA512
  
  925ce8a932b08c15fefae047a519d97f48d8fb8d29ff56c87ff613b342249c73a89f9202c1e9a1a4034518a29c39af14a9c6226705d7b0ed0f8d073e81d28c00
Score

10^/10

formbook w6ya rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2