General

  • Target

    61b73554fb05d79c58046660462acda8.exe

  • Size

    819KB

  • Sample

    210111-6cpf5ehn8a

  • MD5

    61b73554fb05d79c58046660462acda8

  • SHA1

    a5972374dc0e9377e6b1badeed0a4235d3f43ab0

  • SHA256

    d28c56accd73a0c2d4c5a62a288ae12af64ee719ac6060ef2c7ea9be3c5d400f

  • SHA512

    6b5f69f1d8acaebbc93c98f8364bd15028031ebe3e41d8d1372b00b1647320af9718b4a4c9a632423e1387d7299d52e30c2657b0b617be53953675bbdf0247ad

Malware Config

Extracted

Family

formbook

C2

http://www.herbmedia.net/csv8/

Decoy

slgacha.com

oohdough.com

6983ylc.com

aykassociate.com

latin-hotspot.com

starrockindia.com

beamsubway.com

queensboutique1000.com

madbaddie.com

bhoomimart.com

ankitparivar.com

aldanasanchezmx.com

citest1597669833.com

cristianofreitas.com

myplantus.com

counterfeitmilk.com

8xf39.com

pregnantwomens.com

yyyut6.com

stnanguo.com
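The extracted config is only useful once it is turned into something a SOC can match on. The script below is an added example, not part of the sandbox report: it parses the Family / C2 / Decoy layout above, normalises the hosts, and scores constructed web-proxy log lines (the log format and the client addresses are invented for the example). The scoring assumes, as Formbook is generally described, that the bot contacts the decoy domains using the same URI path (`/csv8/`) as the real C2; a decoy host alone is scored low because those domains can be ordinary sites.

```python
"""Convert the Formbook config extracted above into network indicators and
run them over web-proxy log lines. Added example, not part of the report."""
from urllib.parse import urlparse

# The "Extracted" block of the report, copied as text.
CONFIG_TEXT = """\
Family
formbook
C2
http://www.herbmedia.net/csv8/
Decoy
slgacha.com
oohdough.com
6983ylc.com
aykassociate.com
latin-hotspot.com
starrockindia.com
beamsubway.com
queensboutique1000.com
madbaddie.com
bhoomimart.com
ankitparivar.com
aldanasanchezmx.com
citest1597669833.com
cristianofreitas.com
myplantus.com
counterfeitmilk.com
8xf39.com
pregnantwomens.com
yyyut6.com
stnanguo.com
"""

# Constructed proxy log lines (timestamp client method url status); not sandbox output.
LOG_LINES = [
    "2021-01-11T10:02:11Z 10.0.0.5 GET http://www.herbmedia.net/csv8/?xy=abc 200",
    "2021-01-11T10:02:13Z 10.0.0.5 POST http://www.slgacha.com/csv8/ 404",
    "2021-01-11T10:02:15Z 10.0.0.7 GET http://oohdough.com/ 200",
    "2021-01-11T10:03:00Z 10.0.0.9 GET http://example.com/index.html 200",
]

HEADINGS = {"Family": "family", "C2": "c2", "Decoy": "decoy"}


def parse_config(text):
    """Walk the heading/value layout of the report into a dict.
    'family' and 'c2' hold single strings; 'decoy' holds a list."""
    cfg = {"family": None, "c2": None, "decoy": []}
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in HEADINGS:
            key = HEADINGS[line]
        elif key == "decoy":
            cfg["decoy"].append(line.lower())
        elif key:
            cfg[key] = line
    return cfg


def norm_host(host):
    """The config prefixes the C2 with 'www.'; compare on the bare name."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_indicators(cfg):
    c2 = urlparse(cfg["c2"])
    return {
        "c2_host": norm_host(c2.hostname),
        "c2_path": c2.path,  # assumption: the bot reuses this path on decoy hosts
        "decoys": {norm_host(d) for d in cfg["decoy"]},
    }


def score_url(url, ind):
    """Return (severity, reason) for one requested URL, or None if clean."""
    u = urlparse(url)
    host, path = norm_host(u.hostname or ""), u.path
    if host == ind["c2_host"]:
        return ("high", "real C2 host")
    if host in ind["decoys"] and path == ind["c2_path"]:
        return ("medium", "decoy host with C2 path")
    if host in ind["decoys"]:
        return ("low", "decoy host only (may be a legitimate site)")
    return None


def scan(lines, ind):
    """Return (client, severity, reason, url) for every matching log line."""
    hits = []
    for line in lines:
        _ts, client, _method, url, _status = line.split()
        verdict = score_url(url, ind)
        if verdict:
            hits.append((client, verdict[0], verdict[1], url))
    return hits


if __name__ == "__main__":
    indicators = build_indicators(parse_config(CONFIG_TEXT))
    for hit in scan(LOG_LINES, indicators):
        print(hit)
```

Running it prints one hit per matching line; the two hits from 10.0.0.5 (real C2 followed by a decoy with the same path two seconds later) are the pattern worth paging on, while the lone decoy hit from 10.0.0.7 should be corroborated before anyone acts on it.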

Targets

    • Target

      61b73554fb05d79c58046660462acda8.exe

    • Size

      819KB

    • MD5

      61b73554fb05d79c58046660462acda8

    • SHA1

      a5972374dc0e9377e6b1badeed0a4235d3f43ab0

    • SHA256

      d28c56accd73a0c2d4c5a62a288ae12af64ee719ac6060ef2c7ea9be3c5d400f

    • SHA512

      6b5f69f1d8acaebbc93c98f8364bd15028031ebe3e41d8d1372b00b1647320af9718b4a4c9a632423e1387d7299d52e30c2657b0b617be53953675bbdf0247ad

    • Formbook

      Formbook is an information stealer: it harvests saved credentials from browsers and mail clients, logs keystrokes, grabs data entered into web forms and takes screenshots, and it reports to its C2 over HTTP while also contacting the decoy domains listed above to mask the real server.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
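The last two signatures describe process hollowing: the sample starts the VB.NET compiler (vbc.exe) as a host, overwrites its image and redirects its main thread with SetThreadContext. Sysmon does not log SetThreadContext itself, so the practical detection is the hollowed child. The script below is an added example and not part of the report: it runs a rule over constructed Sysmon-style Event ID 1 records (paths, process IDs and the build-tool parent in the third record are invented). The set of parents that legitimately spawn vbc.exe and the list of user-writable directories are assumptions to tune per environment.

```python
"""Flag the vbc.exe process-hollowing host behind the two signatures above in
Sysmon-style process-creation events. Added example, not sandbox output."""
import ntpath

# Parents that legitimately launch the VB.NET compiler (assumption; tune per site).
EXPECTED_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}
# Directories an unprivileged user can write to (assumption; a parent here is suspect).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed events modelled on the sample's behaviour; field names follow Sysmon Event ID 1.
EVENTS = [
    {"EventID": 1, "ProcessId": 4100,
     "Image": r"C:\Users\victim\AppData\Local\Temp\61b73554fb05d79c58046660462acda8.exe",
     "CommandLine": r"C:\Users\victim\AppData\Local\Temp\61b73554fb05d79c58046660462acda8.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 4188,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\victim\AppData\Local\Temp\61b73554fb05d79c58046660462acda8.exe"},
    {"EventID": 1, "ProcessId": 5200,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe /noconfig @C:\build\args.rsp",
     "ParentImage": r"C:\Program Files\dotnet\dotnet.exe"},
]


def basename(path):
    return ntpath.basename(path).lower()


def has_compiler_args(cmdline, image):
    """A real compile passes sources or a response file; a hollowing host is
    launched as the bare image so the loader can overwrite it."""
    rest = cmdline.strip()
    if rest.startswith('"'):
        parts = rest[1:].split('"', 1)
        rest = parts[1] if len(parts) == 2 else ""
    elif rest.lower().startswith(image.lower()):
        rest = rest[len(image):]
    return bool(rest.strip())


def assess(event):
    """Return the reasons a process creation looks like a hollowed vbc.exe (empty if none)."""
    if event.get("EventID") != 1 or basename(event["Image"]) != "vbc.exe":
        return []
    reasons = []
    parent = event["ParentImage"]
    if basename(parent) not in EXPECTED_VBC_PARENTS:
        reasons.append("vbc.exe parent is not a build tool: " + basename(parent))
    if any(d in parent.lower() for d in USER_WRITABLE):
        reasons.append("parent runs from a user-writable directory")
    if not has_compiler_args(event["CommandLine"], event["Image"]):
        reasons.append("vbc.exe started with no compiler arguments")
    return reasons


def hunt(events):
    """Return (ProcessId, reasons) for every event the rule fires on."""
    results = []
    for e in events:
        reasons = assess(e)
        if reasons:
            results.append((e["ProcessId"], reasons))
    return results


if __name__ == "__main__":
    for pid, reasons in hunt(EVENTS):
        print(pid, reasons)
```

Only the second record fires, on all three conditions; the genuine build in the third record passes because its parent is a build tool and it carries compiler arguments. To close the gap on SetThreadContext itself, pair this with Sysmon Event ID 10 (ProcessAccess) from the dropper to the vbc.exe child, which is where the handle used for the injection shows up.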

MITRE ATT&CK Enterprise v6