Overview

overview

10

Static

static

LVvoucher.exe

windows7_x64

10

LVvoucher.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LVvoucher.exe

  • Size

    779KB

  • Sample

    220128-kd64jahhaj

  • MD5

    4f2cf362036af705349843df3419ae5d

  • SHA1

    49dfd4b26e8c9f2cc76df24c55e6616f438bf422

  • SHA256

    77604e2646be4fb59a16e33ca5e78a73ec5045b8f1cce6f5ba16c11304b1c2ee

  • SHA512

    8b5682f5955cdb1e1218735d100234f571f27a2b793cedd68572e8e62a1cef0cf716327b44fbaa3f29bc792a5e842bbfc8320ed175580333dc57eff8cf7fb586

Score
10/10
formbookoh75ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oh75

Decoy

denizgidam.com

6cc06.com

charlottewaldburgzeil.com

medijanus.com

qingdaoyiersan.com

datcabilgisayar.xyz

111439d.com

xn--1ruo40k.com

wu6enxwcx5h3.xyz

vnscloud.net

brtka.xyz

showztime.com

promocoesdedezenbro.com

wokpy.com

chnowuk.online

rockshotscafe.com

pelrjy.com

nato-riness.com

feixiang-chem.com

thcoinexchange.com

Targets

    • Target

      LVvoucher.exe

    • Size

      779KB

    • MD5

      4f2cf362036af705349843df3419ae5d

    • SHA1

      49dfd4b26e8c9f2cc76df24c55e6616f438bf422

    • SHA256

      77604e2646be4fb59a16e33ca5e78a73ec5045b8f1cce6f5ba16c11304b1c2ee

    • SHA512

      8b5682f5955cdb1e1218735d100234f571f27a2b793cedd68572e8e62a1cef0cf716327b44fbaa3f29bc792a5e842bbfc8320ed175580333dc57eff8cf7fb586

    Score
    10/10
    formbookoh75ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks