General

  • Target: Order_088067.exe
  • Size: 1.1MB
  • Sample: 221125-pq7caagf67
  • MD5: d997a93c96c04fccf6ebe280ab6b025b
  • SHA1: 27627f774f7a30428e4a7be77a49f413fd16f740
  • SHA256: ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c
  • SHA512: abe758baa50d9929fd364ac68559b89b310db4e2805bef1e909e4f9ec0a3d941b9298cc1693b590265a92e6e21459abda1e5b90ec5816d37ab7a23d7711310b1
  • SSDEEP: 24576:LAOcZXMu3khBQ8KQO2qnQP4KnmdMLFspB6Q7CqFlF:NO4K/QRnmdMLE8Q7h

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: nurs

Decoy

Targets

    • Target: Order_088067.exe

    • Formbook
      Formbook is an information-stealing malware family.
    • Formbook payload
    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely used for geofencing.
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks