Overview

overview

10

Static

static

1

ORDEN DE COMPRA.exe

windows7_x64

10

ORDEN DE COMPRA.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ORDEN DE COMPRA.exe

  • Size

    309KB

  • Sample

    211006-vfm4jsbfgk

  • MD5

    d67dc035b98ceee080d49ea7b5a65a30

  • SHA1

    5079ded45e45641a55ce6df542b81bb7c066f03d

  • SHA256

    377dfccd81ec5f0ec4179a68f08eedb2d3b726048d35519011514c1929d9bd1e

  • SHA512

    28dfa4ffab5852683f730d653d388489559d91cba6f1a1b81fa65a5a97346ca66abb8cacc93f6d9fc16b28a4583db2996ffbad810720c45d9e2c0f0145cb7d2d

Score
10/10
formbooks3dyratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3dy

C2

http://www.livelifevibrantcourse.com/s3dy/

Decoy

ravlygte.info

marketnewsville.online

flooring-envy.com

flavourhouston.com

donghohanghieunam.com

globleitsolutions.com

digitalgraphicarts.com

cupidbeautybar.com

cannavybes.com

negative-dsp.com

littledali.com

meltwatersoftware.info

blackdogland.com

danasales.com

mississippiscorecard.com

mainesmoker.com

sirenxinlilzixun.com

tychehang.com

gentciu.com

weckloltd.com

Targets

    • Target

      ORDEN DE COMPRA.exe

    • Size

      309KB

    • MD5

      d67dc035b98ceee080d49ea7b5a65a30

    • SHA1

      5079ded45e45641a55ce6df542b81bb7c066f03d

    • SHA256

      377dfccd81ec5f0ec4179a68f08eedb2d3b726048d35519011514c1929d9bd1e

    • SHA512

      28dfa4ffab5852683f730d653d388489559d91cba6f1a1b81fa65a5a97346ca66abb8cacc93f6d9fc16b28a4583db2996ffbad810720c45d9e2c0f0145cb7d2d

    Score
    10/10
    formbooks3dyratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks