Overview

overview

10

Static

static

1

tochi8890.exe

windows7-x64

10

tochi8890.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tochi8890.exe

  • Size

    380KB

  • Sample

    221226-g2lkysce74

  • MD5

    e6a3f8446e8c63e54c07d19e998beadc

  • SHA1

    6ca4d481b05669ea71d3bc4bad3ba4cb8b08a83a

  • SHA256

    5c7f3940dc39fd1f58d2d5a3d8666d6530ceb4ae9271dd3261d4f2523f517fb8

  • SHA512

    2f54a3c6a38fddb04f8bf18fa7e0b6b59ee8c50833da05c6ad400680d4a7c484f52e07dd932f5395dd38fe539f4ae14be5418fc9c24d0261d1a05814a4c2fa60

  • SSDEEP

    6144:XEbDTKQSvqBwF02+YAUKl1NT9nDT43GhfKHW42g7w7tBD/6pV5lPhDoLVX/sQwlq:8cT2/U8rTxDT7fK2Xg7w7bDipVto9/DH

Score
10/10
formbooklh24ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lh24

Decoy

50spage.com

acesalamo.xyz

magicair.org.uk

jrroyalps.com

hohot.xyz

affichecrea.com

2048xtw.net

atlas-pars.com

cqxjbz.com

180bingxue.com

coupdechacal.com

k00050.com

twin-vitro.net

haverninstitute.com

espada-japonesa.com

launchcu.info

discountauto.club

8o7eventhebrand.com

fishersmarinaandcampground.com

crystalfloodplain.com

Targets

    • Target

      tochi8890.exe

    • Size

      380KB

    • MD5

      e6a3f8446e8c63e54c07d19e998beadc

    • SHA1

      6ca4d481b05669ea71d3bc4bad3ba4cb8b08a83a

    • SHA256

      5c7f3940dc39fd1f58d2d5a3d8666d6530ceb4ae9271dd3261d4f2523f517fb8

    • SHA512

      2f54a3c6a38fddb04f8bf18fa7e0b6b59ee8c50833da05c6ad400680d4a7c484f52e07dd932f5395dd38fe539f4ae14be5418fc9c24d0261d1a05814a4c2fa60

    • SSDEEP

      6144:XEbDTKQSvqBwF02+YAUKl1NT9nDT43GhfKHW42g7w7tBD/6pV5lPhDoLVX/sQwlq:8cT2/U8rTxDT7fK2Xg7w7bDipVto9/DH

    Score
    10/10
    formbooklh24ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks