Overview

overview

10

Static

static

NEW ORDER.scr

windows7_x64

10

NEW ORDER.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEW ORDER.scr

  • Size

    783KB

  • Sample

    220126-gqchxaheak

  • MD5

    8de332d7f57396f7e6f33e212d33480b

  • SHA1

    884ab2b85eb222e6ebb32480d05b2f2e7c17bc22

  • SHA256

    24c3816b1d93a87af33e2ac0fe32e6936578e220642441d8895df2f768745244

  • SHA512

    66f1e657b56c328f3173d7902785883424510f7a039c55887c471b074f9870ec7294a7fa2deb8c6ad4096e0a89eb76c136f98640be124f56452ad0ddaf26b0ce

Score
10/10
formbooks16rratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s16r

Decoy

kellieroysellsnc.com

valleylowvoltage.com

mltuo900.xyz

visitingpuntacana.com

weiwushi.com

austintechjob.com

rxstarcbd.com

shopstudioesi.com

filetto-server.xyz

relianceltdbnk.com

unethical.world

yedd.store

esthershhs.com

magaddis.com

scenicdrivetours.com

123gest.com

2020mortagelifeinsurance.com

faceinle.com

integritymarking.com

alfatoto.xyz

Targets

    • Target

      NEW ORDER.scr

    • Size

      783KB

    • MD5

      8de332d7f57396f7e6f33e212d33480b

    • SHA1

      884ab2b85eb222e6ebb32480d05b2f2e7c17bc22

    • SHA256

      24c3816b1d93a87af33e2ac0fe32e6936578e220642441d8895df2f768745244

    • SHA512

      66f1e657b56c328f3173d7902785883424510f7a039c55887c471b074f9870ec7294a7fa2deb8c6ad4096e0a89eb76c136f98640be124f56452ad0ddaf26b0ce

    Score
    10/10
    formbooks16rratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks