General

  • Target

    CNEW ORDER17.exe

  • Size

    960KB

  • Sample

    211014-rnq9dsadhn

  • MD5

    c54edc9ef9d72fe0fe048e8ac884626b

  • SHA1

    11dce70f33e490eb9b89726776915a374bb59a59

  • SHA256

    43fcb442b80665d42271689310ebd569e84f74287063a62e14beba808178e098

  • SHA512

    c65d37de77ad4598ee0b665145c988681d38fc26aa2eb2f5b5d1b73646eaa843cb18c4172d0ed7dcee4bd25bdf692e7b1aacc410a56b6959158f9e3bab1f0c81

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    h0c4

  • C2

    http://www.cursoukulelegospel.com/h0c4/

  • Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
