Overview

overview

10

Static

static

1

new_order.exe

windows7_x64

10

new_order.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new_order.rar

  • Size

    235KB

  • Sample

    220129-hwhsjsfcar

  • MD5

    957cde797056f17e3c149ce6c11429c5

  • SHA1

    eb0102943d56fd35d81850c9652fe21f21ae28e7

  • SHA256

    c067194e9d005c09c7b36d0315d10d749e113f1e2e280e0957d13689bfd277a5

  • SHA512

    2f9b460a88de3b0a4ec5e911c0f177db56a8e8245756924a4c83b0ba7db13529360753e08e814f159dc5bb80906bf7e8ba4b3219ae37497c4c08d37a965951de

Score
10/10
formbookos16ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

os16

Decoy

nautic-experts-hageboelling.com

fullharvestfundraising.com

xbdsm.club

duocaterers.com

prizebuddy.club

nillprive.com

firebreathingpenguin.com

buxledger.com

annual-journals.com

mydemosite0.com

noaoka.com

eblaghe-iran.xyz

globalyuncang.com

jacqueson-autocars.com

asiafinances.com

howtomakearesume.space

modernwarfaresecrets.com

dualamaquinaria.com

thrili.com

gracing-up.com

Targets

    • Target

      new_order.exe

    • Size

      247KB

    • MD5

      a0e70d1760e60d81e0f4ac2904fa8002

    • SHA1

      0512dcf545274ac6512abf3fb31a6fff41614280

    • SHA256

      0cd606362bbe747f3d0c0193675ce46ea2920fba28580b784f50a2969bbb0c27

    • SHA512

      59c04bc30b9f279d434428011efe80d41fd5de99c92165c77dc2a097b742c60e676f65d6185c90d9e5ddfd181fd4a32c7d237ca75ed2be978c6b951be6ae8588

    Score
    10/10
    formbookos16ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks