Overview

overview

10

Static

static

new order.exe

windows7-x64

10

new order.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new order.com

  • Size

    815KB

  • Sample

    221103-me5cfahbh7

  • MD5

    37c791c2d0993d1f436ea873cbc6ebe7

  • SHA1

    ac860a70dd4e5ead22b1437f416ced8db86760f8

  • SHA256

    799f2a0ffb44227ece78b8ea8df29e6eb4b09c0d6256ce7920e7948aab2924ac

  • SHA512

    d8c09a5d225ce69564b244d672309c7710c3761063cdbb48cafa9c67fc4a27f816e409c123b699d1e058bf81363a1678ab8cedb0166d0e9c1d2974c8f082d78b

  • SSDEEP

    24576:S7SMQ84uJis77/7oLbABNWrF4YpNmf8l6e:SmA4uksX/8bomrrX6e

Score
10/10
formbookp94aratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

    • Target

      new order.com

    • Size

      815KB

    • MD5

      37c791c2d0993d1f436ea873cbc6ebe7

    • SHA1

      ac860a70dd4e5ead22b1437f416ced8db86760f8

    • SHA256

      799f2a0ffb44227ece78b8ea8df29e6eb4b09c0d6256ce7920e7948aab2924ac

    • SHA512

      d8c09a5d225ce69564b244d672309c7710c3761063cdbb48cafa9c67fc4a27f816e409c123b699d1e058bf81363a1678ab8cedb0166d0e9c1d2974c8f082d78b

    • SSDEEP

      24576:S7SMQ84uJis77/7oLbABNWrF4YpNmf8l6e:SmA4uksX/8bomrrX6e

    Score
    10/10
    formbookp94aratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks