formbook | 58de41e1c48a304c1f7f289fe5c8976d82b8968aae89497adf7c60cda25deaaf | Triage

Sharing

General

Target

58de41e1c48a304c1f7f289fe5c8976d82b8968aae89497adf7c60cda25deaaf
Size

311KB
Sample

211109-nx5llafbd7
MD5

5336c524e14753aeacf55d47d243a5c7
SHA1

57dd79737e08b2669fec5926fb6d283e36fccee3
SHA256

58de41e1c48a304c1f7f289fe5c8976d82b8968aae89497adf7c60cda25deaaf
SHA512

9237b2e210b4c9c2a61baec0306d826f0b93fe7f52734ca0fe59a87aa23a453466320ecc49b728ce87bc26d1884e3a7e6b8d0c683497bc10891a5fb88dd5feac

Score

10^/10

formbook dyh6 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dyh6

C2

http://www.tttk8.site/dyh6/

Decoy

ximmgepn.xyz

bonitacandle.com

thesneakerhubofficial.com

miabags.online

maboxhistoire.com

viral22.com

gracebruno.xyz

safetycare.xyz

aerith.store

mountaingirlbbq.com

bhbuildertest-ecom.space

klhcn.com

guizhouhl.top

noreply-engagementboost.com

derdmlaucaty.store

viffetrade.com

iesyttsn.xyz

msumon.com

autoforos.com

carlosmorgan.com

Targets

- Target
  
  58de41e1c48a304c1f7f289fe5c8976d82b8968aae89497adf7c60cda25deaaf
- Size
  
  311KB
- MD5
  
  5336c524e14753aeacf55d47d243a5c7
- SHA1
  
  57dd79737e08b2669fec5926fb6d283e36fccee3
- SHA256
  
  58de41e1c48a304c1f7f289fe5c8976d82b8968aae89497adf7c60cda25deaaf
- SHA512
  
  9237b2e210b4c9c2a61baec0306d826f0b93fe7f52734ca0fe59a87aa23a453466320ecc49b728ce87bc26d1884e3a7e6b8d0c683497bc10891a5fb88dd5feac
Score

10^/10

formbook dyh6 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookdyh6ratspywarestealertrojan