Overview

overview

10

Static

static

New Order2...ry.exe

windows7_x64

10

New Order2...ry.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New Order2922 & Inquiry.exe

  • Size

    325KB

  • Sample

    201028-bywnewda6x

  • MD5

    5af741e9c6b6cdb708a61026db90e451

  • SHA1

    28f970bffc61d21ba560d24f7b944383b72b5bb9

  • SHA256

    eb4e7cd83e6986a52a3ad673a6994c6e917dd6bc70adfbccdf2c1a5348b72a0b

  • SHA512

    91ac168add92a3717cef7db22f810d4ab67e56570303e8f7f66a3e4f20f3afdca4150c282166ecb8d0ebaeac6c9cc5df09a897e5883184e7ce2ce5248cb49d18

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.mahallagate.com/g09b/

Decoy

poultryconservancy.com

theafterdarkcafe.com

falkenranger.com

sahafideccan.com

domlikevista.com

kensbackhoeservice.com

helpmefindaplan.com

feedbackcounselling.com

brandbrights.com

guiefer.com

sharkwithdraw.com

iamfeelingmyself.com

hauteandcood.com

phoenixnewhomesales.com

floratend.com

multipanelyaceros.com

yuceyasi.com

cqweihz.com

sitiobemviver.com

meugovapp.com

Targets

    • Target

      New Order2922 & Inquiry.exe

    • Size

      325KB

    • MD5

      5af741e9c6b6cdb708a61026db90e451

    • SHA1

      28f970bffc61d21ba560d24f7b944383b72b5bb9

    • SHA256

      eb4e7cd83e6986a52a3ad673a6994c6e917dd6bc70adfbccdf2c1a5348b72a0b

    • SHA512

      91ac168add92a3717cef7db22f810d4ab67e56570303e8f7f66a3e4f20f3afdca4150c282166ecb8d0ebaeac6c9cc5df09a897e5883184e7ce2ce5248cb49d18

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks