Overview

overview

10

Static

static

ORDER7946ERA-LBT.exe

windows7_x64

3

ORDER7946ERA-LBT.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ORDER7946ERA-LBT.exe

  • Size

    664KB

  • Sample

    210408-k9ewz41q3a

  • MD5

    b36e69f884b74fe568bdb7fdb06362cb

  • SHA1

    e17782339164117645128597cfd22152c80cf229

  • SHA256

    9f578e7bf0375c366223406cd1504c79feb2f2408f88ffbccc22cd1bc3237389

  • SHA512

    ab22ad98a9a14be9607e7205384cf77e937715fcbd90f2dad240d0992094c6f0e945db0eca96081dc4728b22fe658cfb6936e123ebf1b802e045e433e2ea7792

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.valoremamma.com/cw3g/

Decoy

qiuxi.ltd

kylayagerartwork.com

qzgay.com

riverandroadfilms.com

easislip.com

ma3loomat.info

babyuniverses.com

ovvldbxmd.icu

fthiscompany.com

tabac-control.com

x7exf2.com

juxrams.info

californialaserspinesurgery.com

theindielawyer.com

jxaotu.com

epostakutun.com

pappyjackburgershack.com

fgafinancialgroup.com

ddiesels.com

thesixthdesign.com

Targets

    • Target

      ORDER7946ERA-LBT.exe

    • Size

      664KB

    • MD5

      b36e69f884b74fe568bdb7fdb06362cb

    • SHA1

      e17782339164117645128597cfd22152c80cf229

    • SHA256

      9f578e7bf0375c366223406cd1504c79feb2f2408f88ffbccc22cd1bc3237389

    • SHA512

      ab22ad98a9a14be9607e7205384cf77e937715fcbd90f2dad240d0992094c6f0e945db0eca96081dc4728b22fe658cfb6936e123ebf1b802e045e433e2ea7792

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Command-Line Interface

1
T1059

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks