General

  • Target

    New Orders 122020 2 x 40 HQ.pdf.exe

  • Size

    642KB

  • Sample

    210510-21wj7nhgan

  • MD5

    a02437aa430c0ca2847115f6ca17d0a3

  • SHA1

    1fa9f7f2bae891e8e06e73bd01abf18e839829a6

  • SHA256

    8df52ba27a44fa2964a2fe9de4894aefa47b3c09abaeeb9602bde6d96926136e

  • SHA512

    7983864d374d31b9b5a286afbed5024f61e8636b5ca374c421ceb888699919b10ee05951713b49b56e1df4eb64eb8ea931550a9ecf6993542eef1e159eed40a3

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.supinapp.com/grv/

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext