formbook | 01622d3e6d14184769fc2b052e32588b7bbd86f5a61e511f395db4695d7018a9 | Triage

Sharing

General

Target

LVpromo.exe
Size

769KB
Sample

220126-lz3hxabhg7
MD5

77e85ad8891096baba68e44b43f2f820
SHA1

11517a0e9f4c5f39170f8083436ff6156b5ecf7b
SHA256

01622d3e6d14184769fc2b052e32588b7bbd86f5a61e511f395db4695d7018a9
SHA512

7c6727fe6a9a2092e576d75cb4ad2cf22f9b2fcba394049430e236590a38d9a90590f52ea89ea96a82e8226e61a70b6e41ab89a7fc6fca9fed13ddcabf4c6a7a

Score

10^/10

formbook oh75 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oh75

Decoy

denizgidam.com

6cc06.com

charlottewaldburgzeil.com

medijanus.com

qingdaoyiersan.com

datcabilgisayar.xyz

111439d.com

xn--1ruo40k.com

wu6enxwcx5h3.xyz

vnscloud.net

brtka.xyz

showztime.com

promocoesdedezenbro.com

wokpy.com

chnowuk.online

rockshotscafe.com

pelrjy.com

nato-riness.com

feixiang-chem.com

thcoinexchange.com

Targets

- Target
  
  LVpromo.exe
- Size
  
  769KB
- MD5
  
  77e85ad8891096baba68e44b43f2f820
- SHA1
  
  11517a0e9f4c5f39170f8083436ff6156b5ecf7b
- SHA256
  
  01622d3e6d14184769fc2b052e32588b7bbd86f5a61e511f395db4695d7018a9
- SHA512
  
  7c6727fe6a9a2092e576d75cb4ad2cf22f9b2fcba394049430e236590a38d9a90590f52ea89ea96a82e8226e61a70b6e41ab89a7fc6fca9fed13ddcabf4c6a7a
Score

10^/10

formbook oh75 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookoh75ratspywarestealertrojan

behavioral2

formbookoh75ratspywarestealertrojan