General

  • Target: 6blnUJRr4yKrjCS.exe
  • Size: 845KB
  • Sample: 210113-pn26tm9252
  • MD5: 8bde4f2dbbb7abf5f54c799ecab14a27
  • SHA1: 82923df0764bc80d4e8dc2dc1b53c92417d042d6
  • SHA256: 92463d5500d27c6270248dfa01e99a77cc33c5caab3ae357c424b3d42864a4f7
  • SHA512: 29476254d6223819a3cde1bc3100318d66736d106e8376671fa9e225d46b4e934aba2bc2871bcf83ce6c30d3a27e2085fc787752ef5f4870dcf14b551d902773

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.asicprominer.com/umSa/
  • Decoy:

    lessensations.com
    growcerybank.com
    rvworkforce.com
    djangosports.com
    jgrosinger.com
    tongjiash.com
    rianebrady.com
    xiaoxu.info
    allwaysautism.com
    couturev.com
    dantedikhali.com
    sagamoreca.com
    sandisyardsale.com
    happizi.com
    moonchildboxco.store
    maquillajembp.com
    sojubythebay.com
    verdexwellness.com
    authenticperiod.cloud
    bitpreserve.com

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks