General

  • Target

    new order pdf.exe

  • Size

    499KB

  • Sample

    220406-v2l4dafhd5

  • MD5

    628a7485ff121976a776a305616581f5

  • SHA1

    b14a8eb559a7a28388b7cede334ccc08914c2516

  • SHA256

    a8e45b2b0117e0a1e195a054667fca524862223bd2838a17f2ac9f47fe6191cc

  • SHA512

    4dadf6ca85e4d41fcbb1816fa854a5eba0e37aca2539ea0bacf9920729bf9a602c65ec0745a0d89347d032a0bdef5f9c95196126f1b2c244833ba10e4296ec79

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m3

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task, T1053 (1)

Persistence

  • Scheduled Task, T1053 (1)

Privilege Escalation

  • Scheduled Task, T1053 (1)

Discovery

  • Query Registry, T1012 (1)

  • System Information Discovery, T1082 (2)

Tasks