Overview

overview

10

Static

static

1

Order_pdf.exe

windows7_x64

10

Order_pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTE N � 067.rar

  • Size

    258KB

  • Sample

    211110-xxq8msaba4

  • MD5

    c03112492bbf05452056c3e7bba3f986

  • SHA1

    66a54ba3e3330ebad01c1d0c752829a4152accd3

  • SHA256

    348778a97c45cddc54eeee10b62106156d4fbb35ec863d96827f94eda6c39a98

  • SHA512

    c507e83519e1c38853c757c82434806ed21c00e901f5eeaf0de9c2a0be63102f3a15c3df17da28e655bb8275004136e322ab6e90c98e612021e5d9bea7ed9046

Score
10/10
formbookdn7rratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      Order_pdf.exe

    • Size

      422KB

    • MD5

      c6f10bbfaa01950046227177e69f2664

    • SHA1

      43b71fad504b19f3cfeb77b76472a164a9d16166

    • SHA256

      43ea8be5d24e6ef46dc34bbbb6be7841c733449cc2e99144c38d38f85a6527fb

    • SHA512

      4afca32e72d11ea57ca1527d3472de3c9ab6c074a94db562a163b21ab2ee670bfa7a83866cdb207a99351705d81f22fe98112183c9cfea1e3174a3aaca06c4d2

    Score
    10/10
    formbookdn7rratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks