Overview

overview

10

Static

static

neue Ordnung.exe

windows7_x64

10

neue Ordnung.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    neue Ordnung.exe

  • Size

    739KB

  • Sample

    210810-axwyp1nfq2

  • MD5

    b8a6bff0de26505a8671135a34c21ff9

  • SHA1

    3da946ce135ebc855d27681a9baffb8204013ab7

  • SHA256

    ca928ee1114c01bf51f11b5200d0da9a823cd35cc4e616ddd3f44ddd3f3fcb56

  • SHA512

    9804648531b9bb9d9e4d3632b0f43dfd5fd5423a12571376900b7801a2b0f0e20be5bbef04ec76d59139f9a1df7dd162d784f63a4caea82746768d25578cbc13

Score
10/10
formbookodseratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

odse

C2

http://www.guncelekspres.com/odse/

Decoy

braedlifestyle.com

morganjohnsondesign.online

surup-v48.club

diypoolpaint.sydney

v-b7026-ghhh.space

vetyvar.com

lollydaisy.com

campsitesurvival.com

autocalibre.com

fusiontech3d.com

xn--udkog0cvez259c82sa.xyz

eccentricartist.com

jc-zg.com

wacwin.com

livehealthychoice.com

visijuara.com

phigsa.com

sabayawork.com

afcerd.com

joeyshousesessions.com

Targets

    • Target

      neue Ordnung.exe

    • Size

      739KB

    • MD5

      b8a6bff0de26505a8671135a34c21ff9

    • SHA1

      3da946ce135ebc855d27681a9baffb8204013ab7

    • SHA256

      ca928ee1114c01bf51f11b5200d0da9a823cd35cc4e616ddd3f44ddd3f3fcb56

    • SHA512

      9804648531b9bb9d9e4d3632b0f43dfd5fd5423a12571376900b7801a2b0f0e20be5bbef04ec76d59139f9a1df7dd162d784f63a4caea82746768d25578cbc13

    Score
    10/10
    formbookodseratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Command-Line Interface

1
T1059

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks