Overview

overview

10

Static

static

1

waterlac4.1.exe

windows7-x64

8

waterlac4.1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    waterlac4.1.exe

  • Size

    772KB

  • Sample

    221213-hw5bjseb95

  • MD5

    1711e869b92ee00965b3ee9137b1661a

  • SHA1

    18bcf67094b11883c1f97bbec77ba7322cb1fbe1

  • SHA256

    2c75e868a52c52b94d15f6df36dfb1eb5522418c61f8a9081319855fb302e403

  • SHA512

    263da213a81c7bf108dd60e5a8c1fcd8deffa682e24b403b20728daf0754f66261be91c46f0434a0bd899eb9894d4b26615992908d7c91f1532ba32921fba088

  • SSDEEP

    12288:sBlMPUUGCBBy9HYQxFVqpjEUHf1vfwHLRGk/TwyDlmaWOuu6ri43uQ:kCBByp1HQjqrRGkdDkg6v3F

Score
10/10
formbook8rmtratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

8rmt

Decoy

3472cc.com

takecareyourhair.com

kontolajigasd21.xyz

daihaitrinh.net

syncmostlatestinfo-file.info

lovesolutionsastrologist.info

angelapryan.com

rio727casino.com

jjsgagets.com

devyatkina.online

thegoldenbeautyqatar.com

czytaj-unas24live.monster

timepoachers.com

gayxxxporn.site

72308.xyz

kristanolivo.com

hijrahfwd.com

bmfighters.com

alfamx.website

handfulofbabesbows.com

Targets

    • Target

      waterlac4.1.exe

    • Size

      772KB

    • MD5

      1711e869b92ee00965b3ee9137b1661a

    • SHA1

      18bcf67094b11883c1f97bbec77ba7322cb1fbe1

    • SHA256

      2c75e868a52c52b94d15f6df36dfb1eb5522418c61f8a9081319855fb302e403

    • SHA512

      263da213a81c7bf108dd60e5a8c1fcd8deffa682e24b403b20728daf0754f66261be91c46f0434a0bd899eb9894d4b26615992908d7c91f1532ba32921fba088

    • SSDEEP

      12288:sBlMPUUGCBBy9HYQxFVqpjEUHf1vfwHLRGk/TwyDlmaWOuu6ri43uQ:kCBByp1HQjqrRGkdDkg6v3F

    Score
    10/10
    formbook8rmtratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks