Overview

overview

10

Static

static

1

Order doc.com.exe

windows7_x64

10

Order doc.com.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order doc.com

  • Size

    672KB

  • Sample

    211020-tryhzshcf7

  • MD5

    204425d3c32bcb225060b2a9ada2ea80

  • SHA1

    7059ea5532745e59e335df047ce32aeba0966712

  • SHA256

    36b057fd0a44652f98ea54100f4f485ee743bd00b52400937fbd976a346d3192

  • SHA512

    579b40c6a1615a9c8e2442abd521068b5e67293b35803013c20d9b2fa329941d37f30fc29f4f0aa53c98c9f061ec3e5ff1ba6087b599d01ad34849d0b9393360

Score
10/10
formbookdn7rratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      Order doc.com

    • Size

      672KB

    • MD5

      204425d3c32bcb225060b2a9ada2ea80

    • SHA1

      7059ea5532745e59e335df047ce32aeba0966712

    • SHA256

      36b057fd0a44652f98ea54100f4f485ee743bd00b52400937fbd976a346d3192

    • SHA512

      579b40c6a1615a9c8e2442abd521068b5e67293b35803013c20d9b2fa329941d37f30fc29f4f0aa53c98c9f061ec3e5ff1ba6087b599d01ad34849d0b9393360

    Score
    10/10
    formbookdn7rratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks