Overview

overview

10

Static

static

order.exe

windows7_x64

10

order.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    order.exe

  • Size

    503KB

  • Sample

    200716-mv5ylaf6la

  • MD5

    a280142137b1aeb5e45c793e2ab317dc

  • SHA1

    ba95a539e94f0a82f2140522902d770730e76aaa

  • SHA256

    95574ab20f094a30ec1f5d3cd6694e6afd0a5c4809e0151f5bd2b427bbbb33df

  • SHA512

    c52605c490dce8d9e98bfa5a28d68a738e5ff3e817820439e0bb86c5d07a556c5df5df640e5527f0da33e8b0557ae547c2cc9b8d2d0460ceb6baf151764b6f37

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      order.exe

    • Size

      503KB

    • MD5

      a280142137b1aeb5e45c793e2ab317dc

    • SHA1

      ba95a539e94f0a82f2140522902d770730e76aaa

    • SHA256

      95574ab20f094a30ec1f5d3cd6694e6afd0a5c4809e0151f5bd2b427bbbb33df

    • SHA512

      c52605c490dce8d9e98bfa5a28d68a738e5ff3e817820439e0bb86c5d07a556c5df5df640e5527f0da33e8b0557ae547c2cc9b8d2d0460ceb6baf151764b6f37

    Score
    10/10
    evasionspywaretrojanstealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks