Overview

overview

10

Static

static

new order ...om.exe

windows7-x64

10

new order ...om.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new order confirmation_details.com.exe

  • Size

    1.0MB

  • Sample

    221018-h931msfbhn

  • MD5

    fe575a54b7e0eeb2ab697fe89bfcbd5e

  • SHA1

    682e76fcfe3c9522dbbfdad7e1c41e938a324305

  • SHA256

    86638c1e381b77cf90dd55e3cffeb1892e429d4389dcac150bab737ff471168e

  • SHA512

    35a18933acf8c4e6f80c0331fa39f0fe94ae833e5444cf8d94f4b4c5f20af6ec96232c3f595988780e32f0f3a67da10d3e99009664f08327fbb10e11a1384036

  • SSDEEP

    12288:UlA0oSTV1DJu7VX06wmbAcJhBTyof88wFsyqW8nYrJ0NPJj+sgrWwAY2XK8m:UlGSRdJW8mUShBTybjJ0NPVDEW22Xy

Score
10/10
formbookp94aratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

    • Target

      new order confirmation_details.com.exe

    • Size

      1.0MB

    • MD5

      fe575a54b7e0eeb2ab697fe89bfcbd5e

    • SHA1

      682e76fcfe3c9522dbbfdad7e1c41e938a324305

    • SHA256

      86638c1e381b77cf90dd55e3cffeb1892e429d4389dcac150bab737ff471168e

    • SHA512

      35a18933acf8c4e6f80c0331fa39f0fe94ae833e5444cf8d94f4b4c5f20af6ec96232c3f595988780e32f0f3a67da10d3e99009664f08327fbb10e11a1384036

    • SSDEEP

      12288:UlA0oSTV1DJu7VX06wmbAcJhBTyof88wFsyqW8nYrJ0NPJj+sgrWwAY2XK8m:UlGSRdJW8mUShBTybjJ0NPVDEW22Xy

    Score
    10/10
    formbookp94aratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks