Overview

overview

10

Static

static

1

new order.exe

windows7_x64

10

new order.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new order.exe

  • Size

    226KB

  • Sample

    210506-vnfdj6cr26

  • MD5

    98aeda5516413b7a6213680385f91f90

  • SHA1

    7065a8d97a5f29159f161dd184eedcf81e53c0d4

  • SHA256

    e47fa9824fd9f5f8e8b42fb02f53cfbf57b7c784d54c9e76ed247a9d297835cf

  • SHA512

    1d95a5f1b99a0061e8905919ed38d91855512f546c7287d04a27b705bc0b4ba8308de356777b37a61f8d0f295f4f2540eec4b7752acb66197a9c746b6a908155

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.knighttechinca.com/dxe/

Decoy

sardarfarm.com

959tremont.com

privat-livecam.net

ansel-homebakery.com

joysupermarket.com

peninsulamatchmakers.net

northsytyle.com

radioconexaoubermusic.com

relocatingrealtor.com

desyrnan.com

onlinehoortoestel.online

enpointe.online

rvvikings.com

paulpoirier.com

shitarpa.net

kerneis.net

rokitreach.com

essentiallygaia.com

prestiged.net

fuerzaagavera.com

Targets

    • Target

      new order.exe

    • Size

      226KB

    • MD5

      98aeda5516413b7a6213680385f91f90

    • SHA1

      7065a8d97a5f29159f161dd184eedcf81e53c0d4

    • SHA256

      e47fa9824fd9f5f8e8b42fb02f53cfbf57b7c784d54c9e76ed247a9d297835cf

    • SHA512

      1d95a5f1b99a0061e8905919ed38d91855512f546c7287d04a27b705bc0b4ba8308de356777b37a61f8d0f295f4f2540eec4b7752acb66197a9c746b6a908155

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks