Overview

overview

10

Static

static

New order list.exe

windows7_x64

10

New order list.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New order list.exe

  • Size

    702KB

  • Sample

    210509-96t3megven

  • MD5

    b547ecb89df9e1ff489f6147aec4d24f

  • SHA1

    3fedd95046f51ae97519463a97dda493485e88c9

  • SHA256

    a9a8118ba7dbac756aa0778ec6680ec681ad2e0bd4ed6ccc121c22b73dfe7b29

  • SHA512

    83a3458904f37a941436fecd117177e9907ec97dc87bccb44cc7c5517aab9ac598f2ed4b07121d530bfa05b5ff683bcd42b4dce85d575c15bc077a19a2c2afec

Score
10/10
formbookpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.joomlas123.info/3nop/

Decoy

bakecakesandmore.com

shenglisuoye.com

chinapopfactory.com

ynlrhd.com

liqourforyou.com

leonqamil.com

meccafon.com

online-marketing-strategie.biz

rbfxi.com

frseyb.info

leyu91.com

hotsmail.today

beepot.tech

dunaemmetmobility.com

sixpenceworkshop.com

incrediblefavorcoaching.com

pofo.info

yanshudaili.com

yellowbrickwedding.com

paintpartyblueprint.com

Targets

    • Target

      New order list.exe

    • Size

      702KB

    • MD5

      b547ecb89df9e1ff489f6147aec4d24f

    • SHA1

      3fedd95046f51ae97519463a97dda493485e88c9

    • SHA256

      a9a8118ba7dbac756aa0778ec6680ec681ad2e0bd4ed6ccc121c22b73dfe7b29

    • SHA512

      83a3458904f37a941436fecd117177e9907ec97dc87bccb44cc7c5517aab9ac598f2ed4b07121d530bfa05b5ff683bcd42b4dce85d575c15bc077a19a2c2afec

    Score
    10/10
    formbookpersistenceratspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks