General

  • Target

    NEW ORDER ELO-05756485.exe

  • Size

    528KB

  • Sample

    210408-kwqyb9jvx6

  • MD5

    ef847f9fc2339b9470150fef1105b5fe

  • SHA1

    eb9b2c97525c2b167d1ae4bdeba308f1c4d9206d

  • SHA256

    9e54241184e45b1950037313896e0d2e864cc9d373f5a2f14b0af405094fd1a4

  • SHA512

    ea26bb55d9d79ca887b184b71746328e65b06b24d701d7856f6f416a1fc93f750580b68a8204b30eb94dabc9e899e4baf4358f23ef5ce7ea23308369b5be4c10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.dingolope.com/riai/

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks