Overview

overview

10

Static

static

DHL SHIPPI...DF.exe

windows7_x64

10

DHL SHIPPI...DF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL SHIPPING AND TRACKING DOCUMENT_PDF.exe

  • Size

    1.1MB

  • Sample

    210112-q4p822qx26

  • MD5

    eb2002937cb72b457e35ce221ebf299e

  • SHA1

    be5027e99c4f251652b533e768167ee5a40fc7e2

  • SHA256

    e4141a1f1d7e56f4196a1cea4d0804d0206d858e452012fd36e5d1c0eac81c3d

  • SHA512

    850e03147c2ea65119eff125dd4e6e5dc002721f22e3bcccacb1ad54661235a5244b86c2cc59e25737f81ba221a53411f025235376a22620373f4def8bc4e272

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.believe.academy/me2z/

Decoy

rampdauto.com

noriharte.com

harborfreightcreditcard.com

tktspyhwz.icu

cagehosting.com

hgfte.club

fullnessspa.com

link-repair.com

rrjyds.com

edevletdestekcardmerkez.com

sprayingmachines.com

janerowenlester.com

velocityworkflow.com

kcrm.computer

kjbubeng.com

virtualhockeyconference.com

trugrits.com

creativesociallight.com

dnaswabtesting.com

willpool.com

Targets

    • Target

      DHL SHIPPING AND TRACKING DOCUMENT_PDF.exe

    • Size

      1.1MB

    • MD5

      eb2002937cb72b457e35ce221ebf299e

    • SHA1

      be5027e99c4f251652b533e768167ee5a40fc7e2

    • SHA256

      e4141a1f1d7e56f4196a1cea4d0804d0206d858e452012fd36e5d1c0eac81c3d

    • SHA512

      850e03147c2ea65119eff125dd4e6e5dc002721f22e3bcccacb1ad54661235a5244b86c2cc59e25737f81ba221a53411f025235376a22620373f4def8bc4e272

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks