Overview

overview

10

Static

static

1

Order Inquiry.exe

windows7_x64

10

Order Inquiry.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order Inquiry.exe

  • Size

    485KB

  • Sample

    211130-x2m2sabcd8

  • MD5

    36d6b8effc86cfda42cf0d20a6525a13

  • SHA1

    6be8e092b9423f22239b0706bb573e8976e7e8fc

  • SHA256

    db2ae6df50188c663d87f250db4509ebf1ddad5cd7bcddb6e6063e59d8a3f224

  • SHA512

    0eb8c3a71a93b7ccaac8b5b66d7326507f7ed6954f12068cb18cd7dcb4f49b48f7a095b5b7a20eac8301c97d6cb9be3b01c8793f3637d92b9b1d70a764b92ce3

Score
10/10
formbookdn7rratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

C2

http://www.yourherogarden.net/dn7r/

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      Order Inquiry.exe

    • Size

      485KB

    • MD5

      36d6b8effc86cfda42cf0d20a6525a13

    • SHA1

      6be8e092b9423f22239b0706bb573e8976e7e8fc

    • SHA256

      db2ae6df50188c663d87f250db4509ebf1ddad5cd7bcddb6e6063e59d8a3f224

    • SHA512

      0eb8c3a71a93b7ccaac8b5b66d7326507f7ed6954f12068cb18cd7dcb4f49b48f7a095b5b7a20eac8301c97d6cb9be3b01c8793f3637d92b9b1d70a764b92ce3

    Score
    10/10
    formbookdn7rratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks