Overview

overview

10

Static

static

20210111 Virginie.exe

windows7_x64

10

20210111 Virginie.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20210111 Virginie.exe

  • Size

    1.0MB

  • Sample

    210113-qa5adcl2ya

  • MD5

    75ad92105a21f723cab80577de7ce4f7

  • SHA1

    e6ae412993f371e70418fc256ca8259eea45b668

  • SHA256

    924408349b7b3075a26d4e8408698ab07fc74ada1e94dbe35e6297e957724027

  • SHA512

    af6ff25d6c970789623afebc71a0113527dc9fcd00eb39c7f5bb4a61fc497bb5167a4b5fc03a6a38ead8b303dd716562239303117ecbf63aafe761bdf11501e8

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.lensinlens.com/ehxh/

Decoy

financialaccompany.com

face2bouk.com

blazedisinfecting.com

providaconsultinggroup.com

distriautosdelpacifico.com

myaduhelm.com

thangmaygiatot.com

nuevasantatecla.com

endpedophiles.com

alwanps.com

anzi-studio.com

twoswinginghammers.com

curbedinc.com

purecleantn.com

4levelsplit.com

talklinecall.com

egypte-vakanties.com

xzntfwof.icu

sosyoclassic.com

adjoalearningacademy.com

Targets

    • Target

      20210111 Virginie.exe

    • Size

      1.0MB

    • MD5

      75ad92105a21f723cab80577de7ce4f7

    • SHA1

      e6ae412993f371e70418fc256ca8259eea45b668

    • SHA256

      924408349b7b3075a26d4e8408698ab07fc74ada1e94dbe35e6297e957724027

    • SHA512

      af6ff25d6c970789623afebc71a0113527dc9fcd00eb39c7f5bb4a61fc497bb5167a4b5fc03a6a38ead8b303dd716562239303117ecbf63aafe761bdf11501e8

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks