formbook

General

Target

5108116c82b8162763aaf8bc8cad549d0fcde544bc021d9657605176b2deb2d3
Size

996KB
Sample

220718-w2evqscge7
MD5

1eb32c7014661d6698c72be1e13cd48a
SHA1

9034b92cbdd575153da93e6e299fef7ad5da19c4
SHA256

5108116c82b8162763aaf8bc8cad549d0fcde544bc021d9657605176b2deb2d3
SHA512

4bc5bf886a0c9c8eb0b9216a4acfeeca27435af651ec8f87d623f91b32e66ad63dcd063d382c3a59561c228f3342b1896424910fa5b155562424727af9e287e3

Score

10^/10

Malware Config

Extracted

Family

netwire

C2

dinesaad.hopto.org:8123

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Extracted

Family

formbook

Version

3.8

Campaign

js3

Decoy

mk-autopflege.com

samanthawipulasinhe.com

hbzxcdc.com

lmcdecorating.com

e-spirit-technologies.com

dragonballgame.com

schedulerapp.info

heavenlyscentusa.com

malrohservice.com

vapmoda.com

elenasvoice.com

bogs.finance

heartworkdesigns.com

onportraits.com

clienteleventures.com

syxfzdj.com

conalider.com

zyd-touch.com

louisianetrotobas.com

zwoyi.info

Targets

- Target
  
  5108116c82b8162763aaf8bc8cad549d0fcde544bc021d9657605176b2deb2d3
- Size
  
  996KB
- MD5
  
  1eb32c7014661d6698c72be1e13cd48a
- SHA1
  
  9034b92cbdd575153da93e6e299fef7ad5da19c4
- SHA256
  
  5108116c82b8162763aaf8bc8cad549d0fcde544bc021d9657605176b2deb2d3
- SHA512
  
  4bc5bf886a0c9c8eb0b9216a4acfeeca27435af651ec8f87d623f91b32e66ad63dcd063d382c3a59561c228f3342b1896424910fa5b155562424727af9e287e3
Score

10^/10

formbook netwire js3 botnet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

NetWire RAT payload

Netwire

Formbook payload

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2