General

  • Target

    NEW_ORDERS 122020 2 x 40 HQ.exe

  • Size

    805KB

  • Sample

    210508-j1rxhm38vj

  • MD5

    7ceac88b29ab061f0fc1f9915006060f

  • SHA1

    b7cceb6c9e8c50cda1b6f8643f2d123ca100d8b2

  • SHA256

    8a116bfcbc1c440c1491513ee9efde46fe7f2e7f24fcdb3f43ee21d0917face7

  • SHA512

    dd6a0a57db0d85064962c8f8809d512a88294d4e773f9cb3acf033794edd647e1c4b9e24f4b774b858dcfdfc26def801c57d8f185300ae8784e8e5a0c8e44394

Malware Config

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.supinapp.com/grv/

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
