Overview

overview

10

Static

static

1

ORDER__9.EXE.exe

windows7-x64

10

ORDER__9.EXE.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ORDER__9.EXE.exe

  • Size

    259KB

  • Sample

    221207-h4cw9shg6y

  • MD5

    227e97fd58338811c7c831524ba17f0d

  • SHA1

    9ddb00c67fa1a5eaa1687fcf478d04d7e37c5514

  • SHA256

    f5cd237bed69b3fd27584548ca0f4ea6244a16174b51ab2b62be2a6c2a7159e7

  • SHA512

    efff3e3bce3a313992354d18e589b44180c091514d19d9ffb0ebca8e30afa694d4b7ccf297e4e804e14dd04356ac34b5e763f0cd0add3f97db808eff0580672e

  • SSDEEP

    6144:QBn1U6sxaTc7gU2KF+TW+V86v53P2jT+YI:gUPaTRYXm95f2LI

Score
10/10
formbookpr28ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pr28

Decoy

huaxinimg.com

baorungas.com

comercializadoramultimus.com

blr-batipro.com

wantagedfas.uk

1thingplan.one

cweilin.com

lorienconsultingllc.com

jdzsjwx.com

casafacil.site

hkacgt.com

hasid.africa

92dgr97k4hr9.com

cvbiop.xyz

1wbskm.top

fantasticmobility.com

goodchoice2022.com

hafizpower.com

familiajoya.com

fundscrahelp.info

Targets

    • Target

      ORDER__9.EXE.exe

    • Size

      259KB

    • MD5

      227e97fd58338811c7c831524ba17f0d

    • SHA1

      9ddb00c67fa1a5eaa1687fcf478d04d7e37c5514

    • SHA256

      f5cd237bed69b3fd27584548ca0f4ea6244a16174b51ab2b62be2a6c2a7159e7

    • SHA512

      efff3e3bce3a313992354d18e589b44180c091514d19d9ffb0ebca8e30afa694d4b7ccf297e4e804e14dd04356ac34b5e763f0cd0add3f97db808eff0580672e

    • SSDEEP

      6144:QBn1U6sxaTc7gU2KF+TW+V86v53P2jT+YI:gUPaTRYXm95f2LI

    Score
    10/10
    formbookpr28ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks