formbook | 920b2a34a93f5add23dbc71393cda484518b2a23ced20e57864a069469999999 | Triage

Sharing

General

Target

920b2a34a93f5add23dbc71393cda484518b2a23ced20e57864a069469999999
Size

412KB
Sample

211206-hm6s1sgcc9
MD5

3c34fff9a8a4047126882131e24da454
SHA1

71764d7a1c5a3c64047b9c2fb834fbaadea693b5
SHA256

920b2a34a93f5add23dbc71393cda484518b2a23ced20e57864a069469999999
SHA512

ba9454d9615ee605ea0c339028a0342840dc119b4f3d8022c250733ee34a625966596e68a1b1e5e2711899fe9a2f82ad92cf843dd2c4d37bda33dd6e62af9701

Score

10^/10

formbook og2w rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

Targets

- Target
  
  920b2a34a93f5add23dbc71393cda484518b2a23ced20e57864a069469999999
- Size
  
  412KB
- MD5
  
  3c34fff9a8a4047126882131e24da454
- SHA1
  
  71764d7a1c5a3c64047b9c2fb834fbaadea693b5
- SHA256
  
  920b2a34a93f5add23dbc71393cda484518b2a23ced20e57864a069469999999
- SHA512
  
  ba9454d9615ee605ea0c339028a0342840dc119b4f3d8022c250733ee34a625966596e68a1b1e5e2711899fe9a2f82ad92cf843dd2c4d37bda33dd6e62af9701
Score

10^/10

formbook og2w rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookog2wratspywarestealertrojan