General

  • Target

    NEW EURO ORDER.scr.exe

  • Size

    1.1MB

  • Sample

    220917-ssftwsdhhp

  • MD5

    2909b28c4af650436e18469fdc91a83f

  • SHA1

    91ae24d9807932a980b8c0e537c12158cae24150

  • SHA256

    dc39a79518c4d038803a7a7ddaf44d231b318010cf12ef9be4ed037e88b69fa7

  • SHA512

    65ed07b78d5f99fcc089a2855062fcc4fb76bddde5c6e0c4ddc21376673ae96c8f53e89f69792edf32074d53e03717290b59aa794ce5025014581c5c59ab946f

  • SSDEEP

    24576:0i6hSDohTftjLEGRFG3tmUhT4aq5CjvmLs9/Cn:0GDOTftjtWhUaLPtCn

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

Targets

    • Target

      NEW EURO ORDER.scr.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
