General

  • Target: our new order.scr.exe
  • Size: 906KB
  • Sample: 220906-t2hkhsfhb9
  • MD5: 66089c847ab3f164727090b9f7b349c0
  • SHA1: 82bd17440fb2cd3dace22edb56500be333bdb446
  • SHA256: d9d2cdc4ba358c7049bc5a8c972939ccb38ba1297e608e2c6f488e62121bdd7b
  • SHA512: 3bbf12cabfe6f3e5f2c2e72d7e63de334f35562dea87d81cdc0266bc11600b839b843133054efe679f24958e246f846804db1bae46d6ed912cd995bc2a8c375b
  • SSDEEP: 12288:dhFnmii1cDfZYmfbZzK35/riQGqyyHbeiTDTc/L6Y4hZ:dGmfA/2Q1begczJ4h

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: p94a
  • Decoy domains:
      wishgrove.com
      parqueveiculos.com
      spiderwebs.online
      chulkanadham.com
      cdtuan.net
      zxazm.com
      payment6528832.xyz
      fengtaiol.com
      bffsmovie.com
      aliceseagerfitness.com
      garisluruskonsulindo.website
      analytical-gutter.net
      ahcq8.com
      fenyoga.com
      ecleptic.cat
      conjurecrafts.com
      aquaway.date
      apenpokkenschoonmaakbedrijf.com
      zgramr.top
      boweknives.site

Targets

    • Target: our new order.scr.exe
    • Size: 906KB
    • MD5: 66089c847ab3f164727090b9f7b349c0
    • SHA1: 82bd17440fb2cd3dace22edb56500be333bdb446
    • SHA256: d9d2cdc4ba358c7049bc5a8c972939ccb38ba1297e608e2c6f488e62121bdd7b
    • SHA512: 3bbf12cabfe6f3e5f2c2e72d7e63de334f35562dea87d81cdc0266bc11600b839b843133054efe679f24958e246f846804db1bae46d6ed912cd995bc2a8c375b
    • SSDEEP: 12288:dhFnmii1cDfZYmfbZzK35/riQGqyyHbeiTDTc/L6Y4hZ:dGmfA/2Q1begczJ4h

    Signatures

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks