General

  • Target

    new order no 3we3.com.exe

  • Size

    836KB

  • Sample

    230417-g2lwqaeh3v

  • MD5

    4f8ce0d6497033b00050107edc18649a

  • SHA1

    ed590a23b18190aeae8f22a9b2a0b045a05fc3f0

  • SHA256

    d2c6504aabeec79a4f9e9a2b088f9da7fccc096afed43ad239099c2c42718bb6

  • SHA512

    542f8eb37708e0916aef077b03889f0d0b06e2863cc75b5e0b05679c1b2f781f022c6af43f783a9a2d1730d69272c984699df460d107640facf6404555e70f82

  • SSDEEP

    12288:T8rLgxLKQfJJuXFI3MU+oVv6G57D1llttQCMO+U1xldIuau/T2SAzCk1:wrLgO0023ZQK9CO+U1xldqu/T2SA

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn72

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi-based loader that abuses cloud services to download other malware families.

    • Formbook payload

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks