Overview

overview

10

Static

static

Purchase O...es.exe

windows7-x64

10

Purchase O...es.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order Frank Manufactures.exe

  • Size

    1.3MB

  • Sample

    220725-bnyqgahabm

  • MD5

    32434444d1b2d9901449af917cf18c45

  • SHA1

    f673c3a29258d7b0d540e6fb83c3d22059ad760b

  • SHA256

    c47f67b3b696c414c6877e088c13cd6b569586f41fb8c0b4341276d6130546ce

  • SHA512

    b994784d3228704f2ace28b7f0f2081cd83c4c8af1cbd4e6ee7fe4eea11b80cb7cd69ad451a04a37130eb7c79b55f6ee02c32e0cda249a5d9769ea13bbd0d7ee

Score
10/10
suricata

Malware Config

Targets

    • Target

      Purchase Order Frank Manufactures.exe

    • Size

      1.3MB

    • MD5

      32434444d1b2d9901449af917cf18c45

    • SHA1

      f673c3a29258d7b0d540e6fb83c3d22059ad760b

    • SHA256

      c47f67b3b696c414c6877e088c13cd6b569586f41fb8c0b4341276d6130546ce

    • SHA512

      b994784d3228704f2ace28b7f0f2081cd83c4c8af1cbd4e6ee7fe4eea11b80cb7cd69ad451a04a37130eb7c79b55f6ee02c32e0cda249a5d9769ea13bbd0d7ee

    Score
    10/10
    suricata

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

      suricata: ET MALWARE FormBook CnC Checkin (POST) M2

      suricata

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks