General

  • Target

    LENG EAV GROUP-pdf-scan-copy.lzh

  • Size

    385KB

  • Sample

    220131-nwqq2shfd8

  • MD5

    f17fe8e6045281ce9f0ffd49947c9acf

  • SHA1

    4d19e1ac36fb54620ab835cb116bd68ca0e82377

  • SHA256

    bde0129799ae332ca620e04afb99a7292548d4486c1b07b26254f781c2777b67

  • SHA512

    42e53e8b2f8c2e0114e3df1ac207bb9225a77486e03ebbd2ac65f3bc2c620b69f0658cb99132cc1e3ca7e3757d23d2a9377f772ea1ae399597ef58156bc818e7

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m17y

Decoy


Targets

    • Target

      LENG EAV GROUP-pdf-scan-copy.exe

    • Size

      518KB

    • MD5

      c5356c7eec60fb77f7538a743cc82e61

    • SHA1

      2fe7d2b6c0c0198e44c935675929e44a1085b5bf

    • SHA256

      99e367c5442ec49f144c330f6518e8648c266cb53a9c903e5829ce658cf6ce0a

    • SHA512

      eb2010259e5172e6000c7ea316663d372c157b5d03c32bc69cf238f4252ef44bff3faa589b08064c7be64602eb7bc75d8226bd65420adc13ed561b38b6590778

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks