Overview

overview

10

Static

static

1

order 0091.com.exe

windows7_x64

10

order 0091.com.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    purchase_order.rar

  • Size

    290KB

  • Sample

    211021-1h113sagh7

  • MD5

    129aac28e9b77d9e5e1f6d990bbf792f

  • SHA1

    fa3e52b82597e8f22b310b20f1e796967087a810

  • SHA256

    3188b6281fa688f13cb4be76a97ff5fbf1f6055e98efccaf55db82ff69abef52

  • SHA512

    8c18dda040d2554f2f6e3e1f81e6d265f00856533fb27635b671d1f4a344ed4275b8710e4496157de3aab855613d0b30a26efedba45e8d961f98183d9ae01196

Score
10/10
formbookdn7rratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      order 0091.com

    • Size

      427KB

    • MD5

      c6d40c961c2a1940c29ff433fc9217ee

    • SHA1

      a55d2f584620864fe9eb49e7647bb86fc2c20050

    • SHA256

      cf0d36f933310c07f1554db7e6e8a2e79c01ee933717e13f96ae841302306512

    • SHA512

      97c9df9f0492303c86a94e0fb25edac5cbd23e30cc4bcddc00ef47f7b70a7642da57f144bfa505a3ef0cad2de7f8d4fe464e58df931aeb54861e57c84f65fff7

    Score
    10/10
    formbookdn7rratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks