Overview

overview

10

Static

static

1

new order.exe

windows7_x64

10

new order.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new order.exe

  • Size

    506KB

  • Sample

    211116-pebfgaagaq

  • MD5

    42d37691292ac45ed40d57c76b335cd5

  • SHA1

    9b7e5e7d353cab9c42edb33a060f9d91200192f9

  • SHA256

    ea03c34322299aafb7f2c7b442ff7f4a661ea952bddb76b83a1c274460eb45a5

  • SHA512

    8a3f2b7b8b3f6235637a4c8839998fe3cdb27376c086f1ea9a8d4146b020d7426efeb38e68d415686b63f5ff7a27b8ec6a17fc22ef37e79b21271225114b7c27

Score
10/10
formbookjy0bratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

Targets

    • Target

      new order.exe

    • Size

      506KB

    • MD5

      42d37691292ac45ed40d57c76b335cd5

    • SHA1

      9b7e5e7d353cab9c42edb33a060f9d91200192f9

    • SHA256

      ea03c34322299aafb7f2c7b442ff7f4a661ea952bddb76b83a1c274460eb45a5

    • SHA512

      8a3f2b7b8b3f6235637a4c8839998fe3cdb27376c086f1ea9a8d4146b020d7426efeb38e68d415686b63f5ff7a27b8ec6a17fc22ef37e79b21271225114b7c27

    Score
    10/10
    formbookjy0bratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks