General

  • Target

    file2.exe

  • Size

    699KB

  • Sample

    210112-kwkqmhtyc2

  • MD5

    4aac66abd3deb77faf44d3fb5884f0a6

  • SHA1

    a5b550d6b41ad1cd9287d2892a65ac856de1bebf

  • SHA256

    4abfdb9315d534afdc9907bcf369d15a121e02d40dc772dece65de6ee2ade651

  • SHA512

    3be81a77ffadb309689738dec4e6f235eff195492e21451d373113e531b3f516b9db2b43857577fd9257a6014934124e26bd84a80683fe3eca6666b69fe398f1

Malware Config

Extracted

Family

formbook

C2

http://www.herbmedia.net/csv8/

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting (1) - T1064

    Scheduled Task (1) - T1053

  • Persistence

    Scheduled Task (1) - T1053

  • Privilege Escalation

    Scheduled Task (1) - T1053

  • Defense Evasion

    Scripting (1) - T1064
Tasks