formbook

General

Target

maxx[1].bin.zip
Size

296KB
Sample

211109-ntkr1sfbc8
MD5

0719cc6dc1c4983588fa8c3f1891cbe0
SHA1

93822e20411c38ad9b0d81dc8a2331dd6f1244a2
SHA256

f52385cdf40462b777d24c08f82828b1d28fdfce3e07873c918266686a3914f9
SHA512

5a65601e9efbb11b6931a379c06e68e7add72546ec1a58e5bb746bb8fb638fc54a692f32ee5de8b79ecd446f1da2e335caddf21a8c13235723cdb4bc0493d29d

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dyh6

C2

http://www.tttk8.site/dyh6/

Decoy

ximmgepn.xyz

bonitacandle.com

thesneakerhubofficial.com

miabags.online

maboxhistoire.com

viral22.com

gracebruno.xyz

safetycare.xyz

aerith.store

mountaingirlbbq.com

bhbuildertest-ecom.space

klhcn.com

guizhouhl.top

noreply-engagementboost.com

derdmlaucaty.store

viffetrade.com

iesyttsn.xyz

msumon.com

autoforos.com

carlosmorgan.com

Targets

- Target
  
  maxx[1].bin
- Size
  
  311KB
- MD5
  
  5336c524e14753aeacf55d47d243a5c7
- SHA1
  
  57dd79737e08b2669fec5926fb6d283e36fccee3
- SHA256
  
  58de41e1c48a304c1f7f289fe5c8976d82b8968aae89497adf7c60cda25deaaf
- SHA512
  
  9237b2e210b4c9c2a61baec0306d826f0b93fe7f52734ca0fe59a87aa23a453466320ecc49b728ce87bc26d1884e3a7e6b8d0c683497bc10891a5fb88dd5feac
Score

10^/10

formbook dyh6 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2