formbook

General

Target

55612335.exe
Size

253KB
Sample

211021-lzhhqsabc7
MD5

a1a1a907effaaefa8b463e84234c1355
SHA1

421a063c16cc03629c5c380399bf9fc303f7c32c
SHA256

60cfee00408236ba105da652b956603ff2e51ebf2b80e75b900e452235873667
SHA512

6e6d51c8704c7e7d444dd30c70398012e6cd398db10478ff0f46f93b095209060c9b85831cc1787018d3536f58c2c9043df266b9b17ccb6fa363bbbb5a0125e7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w6ya

C2

http://www.truth-capturemachine.com/w6ya/

Decoy

auden-audio.com

zombieodyssey.com

hdpthg.com

toddtechnical.com

njsdgz.com

yieldfarm.world

guardsveirfynews.net

atmamandir.info

eskisehirtostcusu.online

arrozz.net

v99king.win

jaxonboxing.com

morganevans.net

syandeg.com

valleyofplants.com

corsosportorico.com

tak.support

blacktgpc.com

herdpetshop.com

iifkvhns.xyz

Targets

- Target
  
  55612335.exe
- Size
  
  253KB
- MD5
  
  a1a1a907effaaefa8b463e84234c1355
- SHA1
  
  421a063c16cc03629c5c380399bf9fc303f7c32c
- SHA256
  
  60cfee00408236ba105da652b956603ff2e51ebf2b80e75b900e452235873667
- SHA512
  
  6e6d51c8704c7e7d444dd30c70398012e6cd398db10478ff0f46f93b095209060c9b85831cc1787018d3536f58c2c9043df266b9b17ccb6fa363bbbb5a0125e7
Score

10^/10

formbook w6ya rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2