General

  • Target

    NEW ORDER.scr

  • Size

    818KB

  • Sample

    220129-lzhthaabf7

  • MD5

    7735f514bfc4111a49a0ed6078206788

  • SHA1

    766933ccc287d5734ae351ca42fcb5ee6c1bd56f

  • SHA256

    f2d58fc68302fb9cfc6ba93ca4f01f17c8baf7fef4cdfef59638e61fa4f54ad4

  • SHA512

    a566f4372171517129aed5370937dfe6abb23aec230bb4ecefb63ec62c0df414d9708e7e8f97ece1c3ab6de5c64c9d6d7460d34b18e9199370e253e06cf18bae

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s16r

Decoy

kellieroysellsnc.com

valleylowvoltage.com

mltuo900.xyz

visitingpuntacana.com

weiwushi.com

austintechjob.com

rxstarcbd.com

shopstudioesi.com

filetto-server.xyz

relianceltdbnk.com

unethical.world

yedd.store

esthershhs.com

magaddis.com

scenicdrivetours.com

123gest.com

2020mortagelifeinsurance.com

faceinle.com

integritymarking.com

alfatoto.xyz

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
