Overview

overview

10

Static

static

1

order draft.com.exe

windows7_x64

10

order draft.com.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    order draft001.rar

  • Size

    357KB

  • Sample

    211029-w2dyfaaedp

  • MD5

    76be1fda74d2c6487c12e6be9c41a275

  • SHA1

    b3742186e1236eb01547f3eb1a3ec7599a1b7851

  • SHA256

    3aaa02e43bf91f8ba1f1f9811dcb52c5cadaa356b70514a5bb639d7247fc73db

  • SHA512

    1e9c3f13b39fa14daa00f45f916a1a5a97940332a8a1ea9690c47e1a5537b83c99847f4c3334e99e6aa7ec23e2038947a8add3d04dba4d2efd8ee13cf0535553

Score
10/10
formbookdn7rratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      order draft.com

    • Size

      471KB

    • MD5

      f010aecf40c6d5a592dc55c4f95d15aa

    • SHA1

      4e202b8ccf0841562a9aa9fa5bef3333f25ba57f

    • SHA256

      79b16be36de1dfa5a48d965e4a4c19c7c481b6972392e6d0e6edd00447297b96

    • SHA512

      e10b463221730ee2362ded75711d3eb636c13f087fea2e01761706bc6382fe2fb51f34f7c5fae1b7250ed0de11ea8e1753b6807ec8ec5e25d2429d731e1e4367

    Score
    10/10
    formbookdn7rratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks