General

  • Target

    Nuovo ordine.exe

  • Size

    784KB

  • Sample

    220919-j6958afhc2

  • MD5

    5298cdd27b684bf3ed43931d9944fb26

  • SHA1

    d0be51efdfa535522f97afbbe99cfd65a664f360

  • SHA256

    062e12bd387057d358d7f0ba9a20f0fd62e3f589e2660bf63e2c85eb5ea827bd

  • SHA512

    824feb1a87bd941e4e05598b7dee769b63ea81c58b3872e87221b12713b05d5aea9a4aab07d8133848798a1725be4320efac18b21ea53decb4acb9ab629475aa

  • SSDEEP

    12288:md/hwf9KfOey793+v8ARYJO65SEuPyg1Vw6RTJXvDaYwpOd:0ef9KfpEVK4ORaKVw6VJXvDad

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

    • Target

      Nuovo ordine.exe

    • Size

      784KB

    • MD5

      5298cdd27b684bf3ed43931d9944fb26

    • SHA1

      d0be51efdfa535522f97afbbe99cfd65a664f360

    • SHA256

      062e12bd387057d358d7f0ba9a20f0fd62e3f589e2660bf63e2c85eb5ea827bd

    • SHA512

      824feb1a87bd941e4e05598b7dee769b63ea81c58b3872e87221b12713b05d5aea9a4aab07d8133848798a1725be4320efac18b21ea53decb4acb9ab629475aa

    • SSDEEP

      12288:md/hwf9KfOey793+v8ARYJO65SEuPyg1Vw6RTJXvDaYwpOd:0ef9KfpEVK4ORaKVw6VJXvDad

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks