General

  • Target

    NEW ORDER_pdf.exe

  • Size

    895KB

  • Sample

    210114-5yqexaafk2

  • MD5

    8e1ad5c73d1b372892f6c15df6bf9ccd

  • SHA1

    3a48d338e78b76d76beb124a1b51f53950a2da17

  • SHA256

    7ca6fd35f23ebe9ef2a3dc7a1d6e95fa1569a80eff9987e2b4126c3b757aabda

  • SHA512

    0915102ee77a2115399e86699c5bf9fd5d51322d39c212cd3ee7c917d20c7d258f1bc9b6ea358f2f10ef36dae63f2104ee75b72c4b883d08befbc3f7ea27c53b

Malware Config

Extracted

Family

formbook

C2

http://www.freshpixels.agency/wls/

Decoy

brandcamapp.com

hotels-online.net

godsbaconjitters.com

renpaulhotpot.com

bikescarznguitarz.com

amelclothing.com

zhuqiuhui.space

theolivetreeonline.com

yizddmall.com

junkshoptheatre.com

smithylabs.com

cocokaraget.com

rayscollectibles.com

encinolandscapedesign.com

trzeks1.com

jstracker.net

cloudadventure.zone

emilyshines.com

exiledfg.com

seasisterscoastal.com
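
The extracted config above mixes one real C2 with twenty decoy domains, which is how Formbook buries its beacon in look-alike traffic. The following is an added example, not part of the sandbox report, that turns exactly the values listed on this page into network indicators, classifies hostnames as C2, decoy or unknown, runs that over a few constructed proxy-log lines, and emits a Suricata rule keyed only on the real C2. The log line format, the function names, the placeholder `sid`, and the "strip a leading www. to get the registrable domain" heuristic are assumptions made for the illustration.

```python
# Added example (not part of the sandbox report): turn the extracted Formbook
# configuration listed above into network indicators and run them over a few
# constructed proxy-log lines.  The log line format, the function names, the
# placeholder sid and the "apex domain" heuristic are assumptions.
from urllib.parse import urlparse

# Copied verbatim from the "Malware Config" section of this report.
C2_URL = "http://www.freshpixels.agency/wls/"
DECOY_DOMAINS = [
    "brandcamapp.com", "hotels-online.net", "godsbaconjitters.com",
    "renpaulhotpot.com", "bikescarznguitarz.com", "amelclothing.com",
    "zhuqiuhui.space", "theolivetreeonline.com", "yizddmall.com",
    "junkshoptheatre.com", "smithylabs.com", "cocokaraget.com",
    "rayscollectibles.com", "encinolandscapedesign.com", "trzeks1.com",
    "jstracker.net", "cloudadventure.zone", "emilyshines.com",
    "exiledfg.com", "seasisterscoastal.com",
]


def c2_indicators(c2_url: str = C2_URL) -> dict:
    """Split the C2 URL into the pieces a block rule or a detection needs."""
    p = urlparse(c2_url)
    host = (p.hostname or "").lower()
    # Assumption: dropping a leading "www." yields the registrable domain here.
    apex = host[4:] if host.startswith("www.") else host
    return {"host": host, "apex": apex, "path": p.path or "/"}


def _same_or_sub(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def classify_host(host: str) -> str:
    """Return 'c2', 'decoy' or 'unknown' for a hostname seen on the wire.

    Formbook contacts the decoy domains only to hide the real beacon among
    ordinary-looking requests, so a decoy hit is a weak hunting pivot and a
    poor blocking candidate: many of these are legitimate third-party sites.
    """
    h = host.lower().rstrip(".")
    ioc = c2_indicators()
    if _same_or_sub(h, ioc["apex"]):
        return "c2"
    if any(_same_or_sub(h, d) for d in DECOY_DOMAINS):
        return "decoy"
    return "unknown"


def triage_proxy_log(log_text: str) -> list:
    """Tag each request; assumed line format '<ts> <client> <method> <url>'."""
    verdicts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        ts, client, method, url = parts[:4]
        p = urlparse(url)
        verdict = classify_host(p.hostname or "")
        # Only the configured C2 path counts as a beacon; other paths on the
        # C2 host are still worth a look but get a softer label.
        if verdict == "c2" and not p.path.startswith(c2_indicators()["path"]):
            verdict = "c2-host-other-path"
        verdicts.append((client, method, url, verdict))
    return verdicts


def suricata_rule(sid: int = 1000001) -> str:
    """Emit a Suricata rule on the C2 host and URI prefix (decoys excluded)."""
    ioc = c2_indicators()
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any ('
        'msg:"Formbook C2 beacon to {host}{path}"; flow:established,to_server; '
        'http.host; content:"{host}"; '
        'http.uri; content:"{path}"; startswith; '
        'classtype:trojan-activity; sid:{sid}; rev:1;)'
    ).format(host=ioc["host"], path=ioc["path"], sid=sid)


# Constructed sample log lines, not taken from the sandbox run.
SAMPLE_LOG = """\
2021-01-14T10:02:11Z 10.0.0.23 GET http://www.freshpixels.agency/wls/?x=abc
2021-01-14T10:02:12Z 10.0.0.23 GET http://hotels-online.net/
2021-01-14T10:02:13Z 10.0.0.23 POST http://www.freshpixels.agency/wls/
2021-01-14T10:02:14Z 10.0.0.41 GET http://example.com/index.html
2021-01-14T10:02:15Z 10.0.0.23 GET http://freshpixels.agency/robots.txt
"""

if __name__ == "__main__":
    for row in triage_proxy_log(SAMPLE_LOG):
        print(*row)
    print(suricata_rule())
```

The rule deliberately ignores the decoy list: alerting on it would fire on ordinary browsing to those sites. The decoys are better used as a secondary pivot, for example to confirm that a host which hit the C2 also touched several of them in the same minute.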

Targets

    • Target

      NEW ORDER_pdf.exe

    • Size

      895KB

    • MD5

      8e1ad5c73d1b372892f6c15df6bf9ccd

    • SHA1

      3a48d338e78b76d76beb124a1b51f53950a2da17

    • SHA256

      7ca6fd35f23ebe9ef2a3dc7a1d6e95fa1569a80eff9987e2b4126c3b757aabda

    • SHA512

      0915102ee77a2115399e86699c5bf9fd5d51322d39c212cd3ee7c917d20c7d258f1bc9b6ea358f2f10ef36dae63f2104ee75b72c4b883d08befbc3f7ea27c53b

    • Formbook

      Formbook is an information stealer (form grabber and keylogger): it hooks browsers and mail clients to capture credentials and submitted form data, logs keystrokes and clipboard contents, and sends the harvest to the C2 listed above.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext (rewriting another thread's register context is the usual final step of process hollowing and related code-injection techniques)
