Overview

overview

10

Static

static

1

orderdraft.com.exe

windows7_x64

10

orderdraft.com.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    orderdraft.com

  • Size

    670KB

  • Sample

    211029-qxjegaddf8

  • MD5

    d488a5a0caf0931f5a7c052e2cd625e6

  • SHA1

    b94b48dc531a655b08ea378e8e8cc7cf6b4053d4

  • SHA256

    ea65c04f2fb1960df74c4f579f8c0972dec4d14e79cdc040fa98ca8fcc2eb82f

  • SHA512

    41e9e5ea1095a0117d0365b78ea18dddfe4680fe8e116390fad2694e1047af147ccb0207c447b037b15895b54939b4fa4fd42a016975c21dd74d55bc353eef27

Score
10/10
formbookdn7rratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      orderdraft.com

    • Size

      670KB

    • MD5

      d488a5a0caf0931f5a7c052e2cd625e6

    • SHA1

      b94b48dc531a655b08ea378e8e8cc7cf6b4053d4

    • SHA256

      ea65c04f2fb1960df74c4f579f8c0972dec4d14e79cdc040fa98ca8fcc2eb82f

    • SHA512

      41e9e5ea1095a0117d0365b78ea18dddfe4680fe8e116390fad2694e1047af147ccb0207c447b037b15895b54939b4fa4fd42a016975c21dd74d55bc353eef27

    Score
    10/10
    formbookdn7rratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks