General

  • Target

    euro order.scr.exe

  • Size

    571KB

  • Sample

    221028-j69vfsfae2

  • MD5

    ca3f9d838a7e53b679ef645dcb2eb15a

  • SHA1

    bd5e7aec31fb0ed9eacbd8b4cc01ba753895b721

  • SHA256

    fb31038cbb2b0d3e01fb7f461a30ff7210a6f2062bd7d373afe739a701714108

  • SHA512

    c27a1be776f168848383e0b3b3f8d034921aaceca29d1113c42950329d9c3f1d14bf2353aa617a2740c703dbbb7e5044c088f50d523c7b8d98d38c48b6d2f96a

  • SSDEEP

    12288:mh702iNn2iNRN0C2CkZ+bGF13DfdlY7uYPShloJLj+:31B1yMkZIO1zfzY7TWn

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    p94a

  • Decoy

    wishgrove.com
    parqueveiculos.com
    spiderwebs.online
    chulkanadham.com
    cdtuan.net
    zxazm.com
    payment6528832.xyz
    fengtaiol.com
    bffsmovie.com
    aliceseagerfitness.com
    garisluruskonsulindo.website
    analytical-gutter.net
    ahcq8.com
    fenyoga.com
    ecleptic.cat
    conjurecrafts.com
    aquaway.date
    apenpokkenschoonmaakbedrijf.com
    zgramr.top
    boweknives.site

Targets

    • Target

      euro order.scr.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
