JdtN8nIcLi8RQOi.exe

General

Target: JdtN8nIcLi8RQOi.exe
Size: 822KB
Sample: 210113-px4hf7dajn
Score: 10/10
MD5: aee550440966b0bd34d9ccb2b1f7f146
SHA1: 14125d61fbcf4b63cb9c9ad82a60be3ad9aa2a3d
SHA256: d31340f14a66b43a1f5cf461cf48278bb97bfc33ef5a8bd0b29d0a3e6f315895
SHA512: 7a81e4fec8c21339eb051205ad5a84fd3db07b4e330b9911b740d1382f4a084b812217312ec3e97a63ffc22ea260a7f2a2d9c8fc463881cabf7d2392e038d894

Malware Config

Extracted

Family: formbook
C2: http://www.allismd.com/ur06/
Decoy domains (50):
philippebrooksdesign.com
cmoorestudio.com
profille-sarina23tammara.club
dqulxe.com
uiffinger.com
nolarapper.com
maconanimalexterminator.com
bisovka.com
loveisloveent.com
datication.com
spxo66.com
drhelpnow.com
ladybug-cle.com
macocome.com
thepoppysocks.com
eldritchparadox.com
mercadolibre.company
ismartfarm.com
kansascarlot.com
kevinld.com
p87mbu2ss.xyz
the-makery.info
untegoro.site
newyorkcityhemorrhoidcenter.com
crystalclearwholistics.com
iregentos.info
fullskis.com
promanconsortium.com
800029120.com
mummyisme.com
humpychocks.com
myfavestuff.store
naturalfemina.com
bimetalthermostatksd.com
draysehaniminciftligi.com
sf9820.com
4thop.com
24les.com
thepupcrew.com
strangephobias.com
hotmamabody.com
restaurantsilhouette.com
texasadultdayservices.com
binahaiat.com
nipseythegreat.com
pelisplusxd.net
mamborio.com
elitedigitalperformance.com
therileyretreat.com
aieqbgk.icu
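The extracted config gives one live C2 URL and a long list of decoy domains. Formbook carries decoys, many of them unrelated third-party sites, so that blocking every domain in the config causes collateral damage and so that network captures of the beaconing are noisy; the actionable indicator is the C2 host together with its URI path. The Python below is an added example and not part of the sandbox report: it embeds the C2 and decoy values from above, classifies requested URLs, and triages clients from proxy-log lines. It assumes, as is typical of Formbook but not stated on this page, that the malware also sends beacons to decoy domains under the same path (/ur06/), so a decoy hit on that path is scored like a C2 hit; the Squid-style log lines and client IPs are constructed for the example.

```python
"""Hunting helper built from the Formbook config above (added example).

Embeds the C2 URL and decoy domains from the report, classifies requested
URLs, and triages clients from proxy-log lines. The log lines, client IPs
and the assumption that decoys are beaconed on the same URI path are
constructed or assumed for this example, not taken from the sandbox run.
"""
from urllib.parse import urlparse

# Copied from the extracted config above.
C2_URL = "http://www.allismd.com/ur06/"
DECOY_DOMAINS = """
philippebrooksdesign.com cmoorestudio.com profille-sarina23tammara.club dqulxe.com
uiffinger.com nolarapper.com maconanimalexterminator.com bisovka.com loveisloveent.com
datication.com spxo66.com drhelpnow.com ladybug-cle.com macocome.com thepoppysocks.com
eldritchparadox.com mercadolibre.company ismartfarm.com kansascarlot.com kevinld.com
p87mbu2ss.xyz the-makery.info untegoro.site newyorkcityhemorrhoidcenter.com
crystalclearwholistics.com iregentos.info fullskis.com promanconsortium.com 800029120.com
mummyisme.com humpychocks.com myfavestuff.store naturalfemina.com bimetalthermostatksd.com
draysehaniminciftligi.com sf9820.com 4thop.com 24les.com thepupcrew.com strangephobias.com
hotmamabody.com restaurantsilhouette.com texasadultdayservices.com binahaiat.com
nipseythegreat.com pelisplusxd.net mamborio.com elitedigitalperformance.com
therileyretreat.com aieqbgk.icu
""".split()


def _norm_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


_parsed_c2 = urlparse(C2_URL)
C2_HOST = _norm_host(_parsed_c2.hostname)   # 'allismd.com'
C2_PATH = _parsed_c2.path                    # '/ur06/'
DECOY_SET = {_norm_host(d) for d in DECOY_DOMAINS}


def classify_request(url: str):
    """Return (kind, same_path): kind is 'c2', 'decoy' or None.

    same_path is True when the request path sits under the C2 path.
    ASSUMPTION: Formbook beacons to decoys on the same path, so a decoy
    hit under /ur06/ is a far stronger signal than a bare decoy-domain hit
    (a user may legitimately browse one of these sites).
    """
    p = urlparse(url)
    if not p.hostname:
        return None, False
    host = _norm_host(p.hostname)
    same_path = p.path.startswith(C2_PATH)
    if host == C2_HOST:
        return "c2", same_path
    if host in DECOY_SET:
        return "decoy", same_path
    return None, False


def scan_proxy_log(lines):
    """Squid native access.log: time elapsed client code/status bytes method url ...
    Returns (client_ip, kind, same_path, url) for every line that hits."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        client, url = fields[2], fields[6]
        kind, same_path = classify_request(url)
        if kind:
            hits.append((client, kind, same_path, url))
    return hits


def triage_clients(hits):
    """Per client: 'high' on any C2 contact or decoy contact on the C2 path,
    otherwise 'low' (decoy domain only, possibly legitimate browsing)."""
    levels = {}
    for client, kind, same_path, _ in hits:
        level = "high" if (kind == "c2" or same_path) else "low"
        if level == "high" or client not in levels:
            levels[client] = level
    return levels


# Constructed log lines for the example; IPs and timestamps are made up.
SAMPLE_LOG = [
    "1610535600.101 45 10.0.0.7 TCP_MISS/200 512 GET http://www.allismd.com/ur06/?jbu=ABCD - HIER_DIRECT/203.0.113.10 text/html",
    "1610535600.233 60 10.0.0.7 TCP_MISS/404 310 POST http://www.drhelpnow.com/ur06/ - HIER_DIRECT/203.0.113.11 text/html",
    "1610535601.002 12 10.0.0.9 TCP_HIT/200 9000 GET http://mercadolibre.company/ - NONE/- text/html",
    "1610535602.500 20 10.0.0.12 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
]

if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(triage_clients(found))
```

Block the C2 host outright; put the decoys on a watch list rather than a block list unless you see them on the /ur06/ path, and expect the path to differ between Formbook builds, so take it from each sample's extracted config rather than hard-coding it.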

Targets

Target: JdtN8nIcLi8RQOi.exe (822KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures

  • Formbook

    Description

    Formbook is an information-stealing malware family (infostealer): it harvests saved credentials and form data from browsers and other clients, logs keystrokes, captures clipboard contents and screenshots, and exfiltrates the data over HTTP to its C2.

  • Xloader

    Description

    Xloader is the rebranded successor of Formbook, sold as malware-as-a-service since 2020. It shares Formbook's code base, C2 protocol and config format, so the Formbook and Xloader signatures overlap on samples like this one.

  • Xloader Payload

  • Deletes itself

    Description

    The sample removes its own executable after running (ATT&CK T1070.004, Indicator Removal: File Deletion), so the original binary may no longer be on disk when the host is examined; recover it from the delivery vector or from the sandbox.

  • Suspicious use of SetThreadContext

    Description

    Calling SetThreadContext on a thread of another process is a process-injection primitive (ATT&CK T1055): the payload is written into a suspended process and the thread's instruction pointer is redirected to it before the thread resumes.

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (technique mapping not shown).