Overview

overview

10

Static

static

NEW ORDER ...64.exe

windows7_x64

10

NEW ORDER ...64.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEW ORDER - BLL04658464.exe

  • Size

    641KB

  • Sample

    210408-wbzqhptbzs

  • MD5

    c43b615ee95f80f037b142b55decf144

  • SHA1

    1cb557a6198866592dd0644d0561edafae222f06

  • SHA256

    fea4f85475d53bbb39592cb92dc6588948b1dd218e4ac554749ffe1fc26ffc67

  • SHA512

    189590db3368a348bf827f9e46970a64b29d95587dbbab7fbc0a000e51e3f5845bfbf8b8bf3a9a8c57273fce15d68ad9c7704daff2b37daae1b9b69aa7dac674

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.bendhighswimming.com/crdi/

Decoy

propertyjumpstartwebinar.com

boc-vip.club

polestarnyc.com

travelonlinebiz.com

bukovynaent.com

bestfashoin.com

miniindiastore.com

wehatebillgates.com

holmescountyjusticecourt.com

colectivorenovemosjuntos.com

houstowarehouse.com

aocsw.com

sml-uniform.com

bandanasaint.com

petposhdeluxe.com

ezcscpawq.com

ladiesoption.club

refixu.com

selfwrrrth.com

rovietry.com

Targets

    • Target

      NEW ORDER - BLL04658464.exe

    • Size

      641KB

    • MD5

      c43b615ee95f80f037b142b55decf144

    • SHA1

      1cb557a6198866592dd0644d0561edafae222f06

    • SHA256

      fea4f85475d53bbb39592cb92dc6588948b1dd218e4ac554749ffe1fc26ffc67

    • SHA512

      189590db3368a348bf827f9e46970a64b29d95587dbbab7fbc0a000e51e3f5845bfbf8b8bf3a9a8c57273fce15d68ad9c7704daff2b37daae1b9b69aa7dac674

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks