General

  • Target

    Revise Order.exe

  • Size

    868KB

  • Sample

    210112-y1hhahrg9e

  • MD5

    467fcc237db53f7bb42eac881adde0ba

  • SHA1

    bd09e1cb4167721ab3c73f66a947201f13132378

  • SHA256

    afaa365ef87b1aa804d330d56de9cee53e284870221ddf9aae2c36774e69e9af

  • SHA512

    98a256583937fb716288c8990c46fba7e19d476f86c1be530510d8d76f78c869dbe6329262f10f903ce0cc13622231f23bb4372098125dede5c2e192791d986f

Malware Config

Extracted

Family

formbook

C2

http://www.lensinlens.com/ehxh/

Decoy

financialaccompany.com

face2bouk.com

blazedisinfecting.com

providaconsultinggroup.com

distriautosdelpacifico.com

myaduhelm.com

thangmaygiatot.com

nuevasantatecla.com

endpedophiles.com

alwanps.com

anzi-studio.com

twoswinginghammers.com

curbedinc.com

purecleantn.com

4levelsplit.com

talklinecall.com

egypte-vakanties.com

xzntfwof.icu

sosyoclassic.com

adjoalearningacademy.com
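The extracted config is directly usable for network hunting. Formbook beacons to its real C2 and to a randomly chosen subset of the decoy domains using the same URI path (here `/ehxh/`), so the path is the strongest signal; many of the decoy domains are legitimate sites that the malware abuses as cover, and a hit on one of them alone is weak evidence. The following is an added example, not part of the sandbox report: it turns the config above into IOCs and scans proxy log lines for beacons, ranking hits accordingly. The log layout and the sample log lines are constructed for the example.

```python
"""Hunt for beacons to the Formbook C2 and decoy domains extracted above.

Added example, not part of the sandbox report.  The proxy log layout and
the log lines themselves are constructed for this example.
"""
import re
from urllib.parse import urlsplit

# Values transcribed from the extracted config on this page.
C2_URL = "http://www.lensinlens.com/ehxh/"
DECOY_DOMAINS = [
    "financialaccompany.com", "face2bouk.com", "blazedisinfecting.com",
    "providaconsultinggroup.com", "distriautosdelpacifico.com", "myaduhelm.com",
    "thangmaygiatot.com", "nuevasantatecla.com", "endpedophiles.com",
    "alwanps.com", "anzi-studio.com", "twoswinginghammers.com", "curbedinc.com",
    "purecleantn.com", "4levelsplit.com", "talklinecall.com",
    "egypte-vakanties.com", "xzntfwof.icu", "sosyoclassic.com",
    "adjoalearningacademy.com",
]

# Assumed proxy log layout: "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def norm_host(host):
    """Lower-case, strip a trailing dot and a leading 'www.' so that
    www.lensinlens.com and lensinlens.com compare equal."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_iocs(c2_url=C2_URL, decoys=DECOY_DOMAINS):
    """Split the config into the pieces the detection needs."""
    c2 = urlsplit(c2_url)
    return {
        "c2_host": norm_host(c2.hostname),
        "c2_path": c2.path,                      # "/ehxh/", shared by all beacons
        "decoy_hosts": {norm_host(d) for d in decoys},
    }


def verdict_for(url, iocs):
    """Rank a requested URL: C2 host + beacon path is the strongest match,
    decoy host + beacon path still indicates this sample's traffic, a bare
    decoy-domain hit may just be a user browsing a legitimate site."""
    u = urlsplit(url)
    host = norm_host(u.hostname)
    on_path = u.path.startswith(iocs["c2_path"])
    if host == iocs["c2_host"]:
        return "c2-beacon" if on_path else "c2-domain"
    if host in iocs["decoy_hosts"]:
        return "decoy-beacon" if on_path else "decoy-domain"
    return None


def classify(line, iocs):
    """Verdict for one proxy log line, or None if unparsable or unrelated."""
    m = LOG_RE.match(line)
    return verdict_for(m["url"], iocs) if m else None


def scan(log_text, iocs):
    """Return [(verdict, client-ip, url)] for every matching line."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = verdict_for(m["url"], iocs)
        if verdict:
            hits.append((verdict, m["src"], m["url"]))
    return hits


# Constructed sample log: one client beaconing (GET with query, then POST,
# then a decoy), one client browsing normally.
SAMPLE_LOG = """\
2021-01-12T09:14:02Z 10.0.0.23 GET http://www.lensinlens.com/ehxh/?hk=Mk3aXq9s 200
2021-01-12T09:14:05Z 10.0.0.23 POST http://www.face2bouk.com/ehxh/ 404
2021-01-12T09:14:09Z 10.0.0.23 GET http://www.purecleantn.com/ 200
2021-01-12T09:15:00Z 10.0.0.41 GET https://www.example.com/index.html 200
"""

if __name__ == "__main__":
    for verdict, src, url in scan(SAMPLE_LOG, build_iocs()):
        print(f"{verdict:14} {src:10} {url}")
```

When pivoting from a single sample like this one, treat any request whose path starts with the beacon path as sample-specific regardless of host; the decoy list rotates between builds, but the path is what ties the traffic to this config.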

Targets

    • Target

      Revise Order.exe

    • Formbook

      Formbook is an information stealer: it logs keystrokes, grabs data submitted in web forms, monitors the clipboard, harvests stored browser and e-mail client credentials, and can download and run additional payloads.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
