Overview

overview

10

Static

static

Sales_Orde...on.exe

windows7_x64

10

Sales_Orde...on.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Sales_Order description.exe

  • Size

    476KB

  • Sample

    210408-zpjhykgb2x

  • MD5

    9cf418b47ac9b4039e9d2f3073b525f0

  • SHA1

    1cbd1fe3fcba287ccc7b1518e6da52918a1edda0

  • SHA256

    9c6abdf1e5ff719e261ea153555b981cd907ba5f79f50943d679d59967eba445

  • SHA512

    c5c5c0d190db2437039681746ce3d9e84666d6d660d86ec7e8ad3d8676e6b4bc32405b7fc6fadb025b3ed0a6555536be10a7015fcd3838226099e5b2da6df928

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.discorddeno.land/suod/

Decoy

casirivimab.info

johnvogia.com

lzdafang.com

tarihmarketi.com

singalongpress.com

three60farms.com

websky.pro

jacketsmecca.com

magentos6.com

brooksideseniorapts.com

onewhistleandflags.com

naturopathe-valdoise-france.com

reflexmem.com

kurumsalpanel.com

bhuwarecruitment.com

exponentialhealth.online

posttensionrepairs.com

prbrokerllc.com

aashealthcarestaffing.com

pubgeventcenter.com

Targets

    • Target

      Sales_Order description.exe

    • Size

      476KB

    • MD5

      9cf418b47ac9b4039e9d2f3073b525f0

    • SHA1

      1cbd1fe3fcba287ccc7b1518e6da52918a1edda0

    • SHA256

      9c6abdf1e5ff719e261ea153555b981cd907ba5f79f50943d679d59967eba445

    • SHA512

      c5c5c0d190db2437039681746ce3d9e84666d6d660d86ec7e8ad3d8676e6b4bc32405b7fc6fadb025b3ed0a6555536be10a7015fcd3838226099e5b2da6df928

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Nirsoft

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks