Overview

overview

10

Static

static

3

LF20240228.exe

windows7-x64

10

LF20240228.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LF20240228.exe

  • Size

    652KB

  • Sample

    240326-p1slwaae93

  • MD5

    26a38af05a6bdd23f047eb65fee67251

  • SHA1

    61633e621f7d7cdcca5936b27a18cfe7e5169aae

  • SHA256

    3bd968f2cff76757eb1bf75e19e8302ef97417c65ce9c0accf578eafae435c6a

  • SHA512

    7d852f05e4377b77691c3c7517609b6bd12c96d0c5dfe0bb330974ff891731529c12da9a7d52ea0f4e526fd35ce35237bfe40d2099afc12f59e58f95157e16b9

  • SSDEEP

    12288:JCTYHa5WHBh2Izs6vHhIlvyuq7it546mz2p9:QTYNHU6vHKlvU7ij46mKp

Score
10/10
formbookhy07ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hy07

Decoy

katemclaughl.in

worthyofficial.com

digitopia.click

ledmee.com

siwaasnz.life

ba-y.com

specifiedbuild.com

abandoned-houses-pt-0.bond

yesxoit.xyz

onlinemehrgeld.com

gosysamergoods.com

speakdontell.com

brokenequipmentsolutions.online

gruppofebi.cloud

adilosk.shop

supplierpartnerportal.com

wizov.dev

fast-homeinsurance.com

j88.vote

onamaevn.com

Targets

    • Target

      LF20240228.exe

    • Size

      652KB

    • MD5

      26a38af05a6bdd23f047eb65fee67251

    • SHA1

      61633e621f7d7cdcca5936b27a18cfe7e5169aae

    • SHA256

      3bd968f2cff76757eb1bf75e19e8302ef97417c65ce9c0accf578eafae435c6a

    • SHA512

      7d852f05e4377b77691c3c7517609b6bd12c96d0c5dfe0bb330974ff891731529c12da9a7d52ea0f4e526fd35ce35237bfe40d2099afc12f59e58f95157e16b9

    • SSDEEP

      12288:JCTYHa5WHBh2Izs6vHhIlvyuq7it546mz2p9:QTYNHU6vHKlvU7ij46mKp

    Score
    10/10
    formbookhy07ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks