General

  • Target

    revised order.exe

  • Size

    664KB

  • Sample

    230519-llgz2sdb48

  • MD5

    cc9da457b3759124ae37ab6ed050bddf

  • SHA1

    134c076acb349bc827c28e486cc7835cdbb5c3de

  • SHA256

    02b060c393fbc76a082ef0411f28e2be60bce1af80ea2df91f003e9b8a762b88

  • SHA512

    f471ae201c8f4082decfa81e037b5d4e7bfab53d201c07c44e7f41deda62a3f51273d358865ac2657f1afa3bc20837dedf79c14dd15e6ecafc24900007a78996

  • SSDEEP

    12288:Y1o0b1mpSNDKdUv67i5hlWA8U+FgJECQqO9mom:0rNvD5hMABMC3O
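
Before reusing the indicators from this report, a practitioner will want to confirm that the file on disk is the same sample. The Python below is an added example, not part of the sandbox report: it streams the file once through all four digest algorithms listed above and reports which, if any, differ from the reported values. The SSDEEP value is deliberately not recomputed (fuzzy hashing needs the separate ssdeep library, and exact-digest equality is what identifies this specific sample). The function names (`digest_stream`, `verify_bytes`, `verify_file`) and the in-memory test buffers are this example's own.

```python
import hashlib

# Digests copied from the report's General section for "revised order.exe".
REPORTED_DIGESTS = {
    "md5": "cc9da457b3759124ae37ab6ed050bddf",
    "sha1": "134c076acb349bc827c28e486cc7835cdbb5c3de",
    "sha256": "02b060c393fbc76a082ef0411f28e2be60bce1af80ea2df91f003e9b8a762b88",
    "sha512": (
        "f471ae201c8f4082decfa81e037b5d4e7bfab53d201c07c44e7f41deda62a3f5"
        "1273d358865ac2657f1afa3bc20837dedf79c14dd15e6ecafc24900007a78996"
    ),
}


def digest_stream(chunks, algorithms=tuple(REPORTED_DIGESTS)):
    """Feed an iterable of byte chunks to every requested hash in a single pass.

    Returns (total_size, {algorithm: hex_digest}). Reading the file once and
    updating all hashers per chunk avoids re-reading large samples per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual, expected):
    """Return the algorithm names whose digests differ; an empty list means a full match."""
    return [
        name for name in expected
        if actual.get(name, "").lower() != expected[name].lower()
    ]


def verify_bytes(data, expected=REPORTED_DIGESTS):
    """Hash an in-memory buffer and return the list of mismatching algorithms."""
    _, actual = digest_stream([data], algorithms=tuple(expected))
    return compare_digests(actual, expected)


def verify_file(path, expected=REPORTED_DIGESTS, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks and compare it with the report's digests."""
    with open(path, "rb") as fh:
        size, actual = digest_stream(iter(lambda: fh.read(chunk_size), b""),
                                     algorithms=tuple(expected))
    mismatches = compare_digests(actual, expected)
    return {"size": size, "digests": actual, "mismatches": mismatches,
            "match": not mismatches}


if __name__ == "__main__":
    import sys
    report = verify_file(sys.argv[1])
    status = "MATCH" if report["match"] else "MISMATCH on " + ", ".join(report["mismatches"])
    print(f"{sys.argv[1]}: {report['size']} bytes, {status}")
```

Run it as `python verify_sample.py "revised order.exe"`; a single differing digest is enough to treat the file as a different sample (a repacked or patched variant will keep the same SSDEEP neighbourhood but never the same SHA256), and the reported 664KB size is only a sanity check because the report rounds it.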

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

    • Target

      revised order.exe

    • Size

      664KB

    • MD5

      cc9da457b3759124ae37ab6ed050bddf

    • SHA1

      134c076acb349bc827c28e486cc7835cdbb5c3de

    • SHA256

      02b060c393fbc76a082ef0411f28e2be60bce1af80ea2df91f003e9b8a762b88

    • SHA512

      f471ae201c8f4082decfa81e037b5d4e7bfab53d201c07c44e7f41deda62a3f51273d358865ac2657f1afa3bc20837dedf79c14dd15e6ecafc24900007a78996

    • SSDEEP

      12288:Y1o0b1mpSNDKdUv67i5hlWA8U+FgJECQqO9mom:0rNvD5hMABMC3O

    • Formbook

      Formbook is an information-stealing malware family: it grabs data submitted in web forms, logs keystrokes and clipboard contents, harvests saved credentials from browsers and mail clients, and takes screenshots, sending the results to its command-and-control server.

    • Formbook payload

    • Suspicious use of SetThreadContext
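
The "Suspicious use of SetThreadContext" signature fires on the API sequence typical of process hollowing: a child process is created suspended, its memory is overwritten with a different image, SetThreadContext redirects the primary thread to the new entry point, and ResumeThread starts it. The Python below is an added example of how such a behavioural rule can be expressed over an API trace; it is neither the sandbox's own signature logic nor code from the sample. The trace format (`caller_pid | api | key=value, ...`), the two traces and the function names are constructed for this example; only the CREATE_SUSPENDED flag value (0x4) is the real Win32 constant.

```python
import re
from collections import defaultdict

# Win32 dwCreationFlags bit that starts the new process with its primary thread suspended.
CREATE_SUSPENDED = 0x00000004

# Constructed trace format (not a real sandbox format): "<caller_pid> | <api> | key=value, ..."
LINE_RE = re.compile(r"^\s*(?P<pid>\d+)\s*\|\s*(?P<api>\w+)\s*\|\s*(?P<args>.*)$")
ARG_RE = re.compile(r'(\w+)=(0x[0-9a-fA-F]+|\d+|"[^"]*"|[^,\s]+)')

WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread"}
RESUME_APIS = {"ResumeThread", "NtResumeThread"}


def parse_line(line):
    """Split one trace line into (caller_pid, api_name, {arg: value}); None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = {k: v.strip('"') for k, v in ARG_RE.findall(m.group("args"))}
    return int(m.group("pid")), m.group("api"), args


def _to_int(value):
    # base 0 accepts both "0x4" and "4"
    return int(value, 0) if value else 0


def detect_hollowing(lines):
    """Return one alert per target that goes suspended -> written -> context set -> resumed.

    State is tracked per (caller, target) pair. Writes and SetThreadContext against a
    process the caller did not create suspended are ignored, so a debugger attaching
    to a running process and adjusting its registers does not trigger an alert.
    """
    state = defaultdict(lambda: {"suspended": False, "written": False,
                                 "ctx_set": False, "image": None})
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        caller, api, a = parsed
        if api == "CreateProcessInternalW" and _to_int(a.get("flags")) & CREATE_SUSPENDED:
            key = (caller, int(a["child_pid"]))
            state[key].update(suspended=True, image=a.get("image"))
        elif api in WRITE_APIS:
            key = (caller, int(a["target_pid"]))
            if state[key]["suspended"]:
                state[key]["written"] = True
        elif api in CONTEXT_APIS:
            key = (caller, int(a["target_pid"]))
            if state[key]["suspended"] and state[key]["written"]:
                state[key]["ctx_set"] = True
        elif api in RESUME_APIS:
            key = (caller, int(a["target_pid"]))
            s = state.pop(key, None)
            if s and s["ctx_set"]:
                alerts.append({"caller_pid": caller, "target_pid": key[1],
                               "image": s["image"],
                               "rule": "process hollowing via SetThreadContext"})
    return alerts


# Constructed trace of a hollowing sequence against a suspended svchost.exe child.
HOLLOWING_TRACE = [
    '1234 | CreateProcessInternalW | image="C:\\Windows\\System32\\svchost.exe", flags=0x4, child_pid=5678',
    '1234 | NtUnmapViewOfSection | target_pid=5678, base=0x400000',
    '1234 | VirtualAllocEx | target_pid=5678, base=0x400000, size=0x9c000',
    '1234 | WriteProcessMemory | target_pid=5678, base=0x400000, size=0x200',
    '1234 | WriteProcessMemory | target_pid=5678, base=0x401000, size=0x6c00',
    '1234 | SetThreadContext | target_pid=5678, tid=5680, eax=0x40a2c0',
    '1234 | ResumeThread | target_pid=5678, tid=5680',
]

# Constructed trace of a debugger-style SetThreadContext on an already-running process.
BENIGN_TRACE = [
    '4321 | OpenProcess | target_pid=9000, access=0x1fffff',
    '4321 | SetThreadContext | target_pid=9000, tid=9002, eip=0x77001234',
    '4321 | ResumeThread | target_pid=9000, tid=9002',
]

if __name__ == "__main__":
    for alert in detect_hollowing(HOLLOWING_TRACE + BENIGN_TRACE):
        print(alert)
```

Requiring the create-suspended and memory-write steps before SetThreadContext is what separates hollowing from the many legitimate callers of that API (debuggers, some launchers and installers); it is still a heuristic, so in practice the alert is corroborated with the injected image being written to the child's original base address, as the constructed trace shows.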

MITRE ATT&CK Matrix

Tasks