Overview

overview

10

Static

static

Neue Beste...45.scr

windows7_x64

10

Neue Beste...45.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Neue Bestellung 000345.scr

  • Size

    397KB

  • Sample

    211001-pxxfnabghp

  • MD5

    70717765e3e087b5f86b94696017e9dd

  • SHA1

    e0c650602247b5387c5efcf3944977ad31c6d543

  • SHA256

    5f037c930f37e4307f4582f99aab214301591f3b87e9a0500cc3c7130fa209b1

  • SHA512

    2aae99f2e334b4a3986ee36390e9419aaf6dbd42bcb1373708939ee0070155d7997a5d58640f89c18336bab6e6f39b4a728453c52678443ccbab9bd36cece6fb

Score
10/10
formbookdn7rratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      Neue Bestellung 000345.scr

    • Size

      397KB

    • MD5

      70717765e3e087b5f86b94696017e9dd

    • SHA1

      e0c650602247b5387c5efcf3944977ad31c6d543

    • SHA256

      5f037c930f37e4307f4582f99aab214301591f3b87e9a0500cc3c7130fa209b1

    • SHA512

      2aae99f2e334b4a3986ee36390e9419aaf6dbd42bcb1373708939ee0070155d7997a5d58640f89c18336bab6e6f39b4a728453c52678443ccbab9bd36cece6fb

    Score
    10/10
    formbookdn7rratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Formbook Payload

      rat
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks