Overview

overview

10

Static

static

3

Order Conf...23.exe

windows7-x64

10

Order Conf...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order ConfirmationLjunghall sro OC 280 CZ 11082023.exe

  • Size

    674KB

  • Sample

    230811-rt9b6afe6s

  • MD5

    85f088bc01813c544d2cfb3a6278355e

  • SHA1

    f6fb8eb77dfe67f8734035a8ff9583e31f20da8a

  • SHA256

    ca144cbf6bb204ff360d5b6c983b962430952fbb1c90b8e58f93993787719c7b

  • SHA512

    764949accc3c27e7c064e90dfed098f04f99a0f28fa4b4f83f1de2e0ef32d9201bb52a31584a758d96bf92ad7ca75991ca2d582b94cf42d3efa27efb0498e9ef

  • SSDEEP

    12288:tG5aaLm1mR6ud9Z9RWva8gZ7oHjgQSmeTyHKmuy51k9lqTjE:Is7Urdb9kM9o0QOOHwy5jTjE

Score
10/10
formbookjr22ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr22

Decoy

941zhe.com

lunarportal.space

xn--osmaniyeiek-t9ab.online

trejoscar.com

nrnursery.com

quizcannot.cfd

seedstockersthailand.com

watsonwindow.com

wjfholdings.com

weziclondon.com

naruot.xyz

yeji.plus

classicmenstore.com

oharatravel.com

therapyplankits.com

keviegreshonpt.com

qdlyner.com

seithupaarungal.com

casinorates.online

8ug4as.icu

Targets

    • Target

      Order ConfirmationLjunghall sro OC 280 CZ 11082023.exe

    • Size

      674KB

    • MD5

      85f088bc01813c544d2cfb3a6278355e

    • SHA1

      f6fb8eb77dfe67f8734035a8ff9583e31f20da8a

    • SHA256

      ca144cbf6bb204ff360d5b6c983b962430952fbb1c90b8e58f93993787719c7b

    • SHA512

      764949accc3c27e7c064e90dfed098f04f99a0f28fa4b4f83f1de2e0ef32d9201bb52a31584a758d96bf92ad7ca75991ca2d582b94cf42d3efa27efb0498e9ef

    • SSDEEP

      12288:tG5aaLm1mR6ud9Z9RWva8gZ7oHjgQSmeTyHKmuy51k9lqTjE:Is7Urdb9kM9o0QOOHwy5jTjE

    Score
    10/10
    formbookjr22ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks