Overview

overview

10

Static

static

LENG EAV G...py.exe

windows7_x64

10

LENG EAV G...py.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LENG EAV GROUP-pdf-scan-copy.exe

  • Size

    518KB

  • Sample

    220131-fgb1cafbej

  • MD5

    c5356c7eec60fb77f7538a743cc82e61

  • SHA1

    2fe7d2b6c0c0198e44c935675929e44a1085b5bf

  • SHA256

    99e367c5442ec49f144c330f6518e8648c266cb53a9c903e5829ce658cf6ce0a

  • SHA512

    eb2010259e5172e6000c7ea316663d372c157b5d03c32bc69cf238f4252ef44bff3faa589b08064c7be64602eb7bc75d8226bd65420adc13ed561b38b6590778

Score
10/10
formbookm17yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m17y

Decoy

dental-implants-us-prices.site

eolegends.online

drskinstudio.com

miamivideomapping.com

cqytwater.com

fesfe.net

dlautostore.com

wwwpledge.com

trynutiliti.com

551milesoak.com

jemmetalfab.com

teamtrinitysellsncarolina.com

injurypersonallawyer.com

r3qcf2.xyz

djellaba-boutique.com

t6fwagd.xyz

lm-upto100.com

shyashijz.com

classicbasilicata.com

exactias.com

Targets

    • Target

      LENG EAV GROUP-pdf-scan-copy.exe

    • Size

      518KB

    • MD5

      c5356c7eec60fb77f7538a743cc82e61

    • SHA1

      2fe7d2b6c0c0198e44c935675929e44a1085b5bf

    • SHA256

      99e367c5442ec49f144c330f6518e8648c266cb53a9c903e5829ce658cf6ce0a

    • SHA512

      eb2010259e5172e6000c7ea316663d372c157b5d03c32bc69cf238f4252ef44bff3faa589b08064c7be64602eb7bc75d8226bd65420adc13ed561b38b6590778

    Score
    10/10
    formbookm17yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks