formbook | 8ecc67e648078fa01a53b0c20ffaa8896e0bd3cc1ce5baca9ff6ddd7cd41b266 | Triage

Sharing

General

Target

8ecc67e648078fa01a53b0c20ffaa8896e0bd3cc1ce5baca9ff6ddd7cd41b266
Size

483KB
Sample

211124-w9ceksgff2
MD5

5a7590d95bea1d652bc15e61f0fb9305
SHA1

26c9ef5ef0db8052f9eb9c4ad5e46e993d602b71
SHA256

8ecc67e648078fa01a53b0c20ffaa8896e0bd3cc1ce5baca9ff6ddd7cd41b266
SHA512

505ca1a2ef061f83fd843632317ab2b9011cb51a0bc99d70e6e433dacfad2e60721fb1bcab0f3d303d4e9d0d2c1913cf7194645513a787baf7fb3810a63738d2

Score

10^/10

formbook og2w rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

Targets

- Target
  
  8ecc67e648078fa01a53b0c20ffaa8896e0bd3cc1ce5baca9ff6ddd7cd41b266
- Size
  
  483KB
- MD5
  
  5a7590d95bea1d652bc15e61f0fb9305
- SHA1
  
  26c9ef5ef0db8052f9eb9c4ad5e46e993d602b71
- SHA256
  
  8ecc67e648078fa01a53b0c20ffaa8896e0bd3cc1ce5baca9ff6ddd7cd41b266
- SHA512
  
  505ca1a2ef061f83fd843632317ab2b9011cb51a0bc99d70e6e433dacfad2e60721fb1bcab0f3d303d4e9d0d2c1913cf7194645513a787baf7fb3810a63738d2
Score

10^/10

formbook og2w rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookog2wratspywarestealertrojan