General

  • Target

    LF2024022.exe

  • Size

    629KB

  • Sample

    240428-lbyj2sce59

  • MD5

    027ac6bf381a0b5d842c137e2240624c

  • SHA1

    6cb5e6d9d7eb76993064c8b36465fcd47fc14d11

  • SHA256

    a5a473bc3d643ce300b72af75ae8f7a0d47ee983f1160707606ef9e818bb1a2f

  • SHA512

    404b3cf245b4b8634844fa9428a101b1cb86e6d8c76b9042800d62434bb227715b39d109e926da8adc8216e036f3649a596b106f582402b93b92483cd945f4a4

  • SSDEEP

    12288:uNgLeFR6rXlv312Z3vBr+nIUcos1N7PCwSw6Z:VXJ312ZvBgIUcF7PN

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jn17

Decoy

hynasty.com

africacementreview.com

5280micropantry.com

qcyu2.us

jl777-web.com

hcwsports.com

update-number-au.com

ymymvip.top

postds.buzz

dogwifnobrim.com

usapubpong.com

shopscoopido.com

medical-equipment.company

onyagu.com

tldrparent.com

jvpeople.com

seangalbraithphotography.com

ptt-gov.art

mutcosmeticsec.com

metameme.online

Targets

    • Target

      LF2024022.exe

    • Size

      629KB

    • MD5

      027ac6bf381a0b5d842c137e2240624c

    • SHA1

      6cb5e6d9d7eb76993064c8b36465fcd47fc14d11

    • SHA256

      a5a473bc3d643ce300b72af75ae8f7a0d47ee983f1160707606ef9e818bb1a2f

    • SHA512

      404b3cf245b4b8634844fa9428a101b1cb86e6d8c76b9042800d62434bb227715b39d109e926da8adc8216e036f3649a596b106f582402b93b92483cd945f4a4

    • SSDEEP

      12288:uNgLeFR6rXlv312Z3vBr+nIUcos1N7PCwSw6Z:VXJ312ZvBgIUcF7PN

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (1) - T1053
    Command and Scripting Interpreter (1) - T1059

  • Persistence

    Scheduled Task/Job (1) - T1053

  • Privilege Escalation

    Scheduled Task/Job (1) - T1053

  • Discovery

    Query Registry (2) - T1012
    System Information Discovery (4) - T1082
