Overview

overview

10

Static

static

New Order List.exe

windows7_x64

10

New Order List.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    170dc02dbe184934c73bb44b5f6d66c967336b69354684d7cb6bdf4882b882a6

  • Size

    319KB

  • Sample

    220520-rqqewabbcn

  • MD5

    80a9693e0cc67a020966ba3b97406bfc

  • SHA1

    2a7f8544fc2113dd962e3b5614bc9f77d816394a

  • SHA256

    170dc02dbe184934c73bb44b5f6d66c967336b69354684d7cb6bdf4882b882a6

  • SHA512

    1741f58398ef7d3e624bf0c428b08c97ac0e92cffd8363b3fac763eb0bf07bf99c6b8ceaa69f6e0cc03ae63d621fff745bf05855cd77e1f027da83b1a7ba69f6

Score
10/10
formbook3noppersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

bakecakesandmore.com

shenglisuoye.com

chinapopfactory.com

ynlrhd.com

liqourforyou.com

leonqamil.com

meccafon.com

online-marketing-strategie.biz

rbfxi.com

frseyb.info

leyu91.com

hotsmail.today

beepot.tech

dunaemmetmobility.com

sixpenceworkshop.com

incrediblefavorcoaching.com

pofo.info

yanshudaili.com

yellowbrickwedding.com

paintpartyblueprint.com

Targets

    • Target

      New Order List.exe

    • Size

      651KB

    • MD5

      ef3ca842b9c00a0bc3c40cb0c547180e

    • SHA1

      decbd80b7215eef9049542b529986359fea02ff9

    • SHA256

      cc223497fe89e227d0696798ffd12ef6037ee71dfe047483f6a8f1be69bf5754

    • SHA512

      4bd7eaf9b7c2c4c78b14788549cb71da2eb8074b81c786a6a8b0e03677a9bd1c89118a47ecd150249b46dab4798f0b00c4a5f40e15cd0a629243f90548eceede

    Score
    10/10
    formbook3noppersistenceratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks