Overview

overview

10

Static

static

Order.exe

windows7_x64

7

Order.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order.exe

  • Size

    455KB

  • Sample

    200709-rd9yfpjp5s

  • MD5

    5e2a18631c1939da9714b50ad9b7d714

  • SHA1

    99671915c1e4a6316242e06dcb1398d4152d57fc

  • SHA256

    eb6567e1510a2fbe48c640daf96b0301df0e969b09d3bbd8cd2093e91963efb1

  • SHA512

    457786aae6864a93d196c045ebc6b43083359bf840726e2eef91ef4688cebe141673e13236885c8e176a5b73a51d4c4233a9e3b7b23bc7a624922e023b4851b5

Score
10/10
formbookpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Order.exe

    • Size

      455KB

    • MD5

      5e2a18631c1939da9714b50ad9b7d714

    • SHA1

      99671915c1e4a6316242e06dcb1398d4152d57fc

    • SHA256

      eb6567e1510a2fbe48c640daf96b0301df0e969b09d3bbd8cd2093e91963efb1

    • SHA512

      457786aae6864a93d196c045ebc6b43083359bf840726e2eef91ef4688cebe141673e13236885c8e176a5b73a51d4c4233a9e3b7b23bc7a624922e023b4851b5

    Score
    10/10
    persistencespywaretrojanstealerformbook

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks