Overview

overview

10

Static

static

1

new_order.exe

windows7_x64

10

new_order.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new_order.exe

  • Size

    247KB

  • Sample

    220128-lg25esaeel

  • MD5

    a0e70d1760e60d81e0f4ac2904fa8002

  • SHA1

    0512dcf545274ac6512abf3fb31a6fff41614280

  • SHA256

    0cd606362bbe747f3d0c0193675ce46ea2920fba28580b784f50a2969bbb0c27

  • SHA512

    59c04bc30b9f279d434428011efe80d41fd5de99c92165c77dc2a097b742c60e676f65d6185c90d9e5ddfd181fd4a32c7d237ca75ed2be978c6b951be6ae8588

Score
10/10
formbookos16ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

os16

Decoy

nautic-experts-hageboelling.com

fullharvestfundraising.com

xbdsm.club

duocaterers.com

prizebuddy.club

nillprive.com

firebreathingpenguin.com

buxledger.com

annual-journals.com

mydemosite0.com

noaoka.com

eblaghe-iran.xyz

globalyuncang.com

jacqueson-autocars.com

asiafinances.com

howtomakearesume.space

modernwarfaresecrets.com

dualamaquinaria.com

thrili.com

gracing-up.com

Targets

    • Target

      new_order.exe

    • Size

      247KB

    • MD5

      a0e70d1760e60d81e0f4ac2904fa8002

    • SHA1

      0512dcf545274ac6512abf3fb31a6fff41614280

    • SHA256

      0cd606362bbe747f3d0c0193675ce46ea2920fba28580b784f50a2969bbb0c27

    • SHA512

      59c04bc30b9f279d434428011efe80d41fd5de99c92165c77dc2a097b742c60e676f65d6185c90d9e5ddfd181fd4a32c7d237ca75ed2be978c6b951be6ae8588

    Score
    10/10
    formbookos16ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks