formbook | 36d8a4369922f9ff965bc763a9f8ee775b4e4377fcd0d60ffdd58e742209f5d4 | Triage

Sharing

General

Target

LVvoucher.lzh
Size

394KB
Sample

220128-kd64jaade3
MD5

144fbd1becb692e570621421cd4077cc
SHA1

e5b471798c529010fde25ad110b1591fbda1ed54
SHA256

36d8a4369922f9ff965bc763a9f8ee775b4e4377fcd0d60ffdd58e742209f5d4
SHA512

01441de1328db56dea721d93c35ae5e27ec922a553cd44063e78982c41bae1377432efe8400fbbe213d339ef7f520ef43d591ed4a5449f0b8bb681f0357c27a5

Score

10^/10

formbook oh75 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oh75

Decoy

denizgidam.com

6cc06.com

charlottewaldburgzeil.com

medijanus.com

qingdaoyiersan.com

datcabilgisayar.xyz

111439d.com

xn--1ruo40k.com

wu6enxwcx5h3.xyz

vnscloud.net

brtka.xyz

showztime.com

promocoesdedezenbro.com

wokpy.com

chnowuk.online

rockshotscafe.com

pelrjy.com

nato-riness.com

feixiang-chem.com

thcoinexchange.com

Targets

- Target
  
  LVvoucher.exe
- Size
  
  779KB
- MD5
  
  4f2cf362036af705349843df3419ae5d
- SHA1
  
  49dfd4b26e8c9f2cc76df24c55e6616f438bf422
- SHA256
  
  77604e2646be4fb59a16e33ca5e78a73ec5045b8f1cce6f5ba16c11304b1c2ee
- SHA512
  
  8b5682f5955cdb1e1218735d100234f571f27a2b793cedd68572e8e62a1cef0cf716327b44fbaa3f29bc792a5e842bbfc8320ed175580333dc57eff8cf7fb586
Score

10^/10

formbook oh75 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

formbookoh75ratspywarestealertrojan