Overview

overview

10

Static

static

FtLroeD5Kmr6rNC.exe

windows7_x64

10

FtLroeD5Kmr6rNC.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FtLroeD5Kmr6rNC.exe

  • Size

    734KB

  • Sample

    210113-tkn9k7tcn6

  • MD5

    c8208e09703f024933544517fb4db4a3

  • SHA1

    0f6b53720c7556d04c5fed4b07084f86fd115480

  • SHA256

    ee4b567e9ec4039e3494f812a70c14c02865b600a2356e3f5906ac520242839f

  • SHA512

    637668d98a88d73b496fb5c3fb928ab018ece33947cacf8ca7cb42d3874967d07cc995357b8710bc451d1301bb0e41e5000cdfa4f56548f7b983313fd49b358e

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.asicprominer.com/umSa/

Decoy

lessensations.com

growcerybank.com

rvworkforce.com

djangosports.com

jgrosinger.com

tongjiash.com

rianebrady.com

xiaoxu.info

allwaysautism.com

couturev.com

dantedikhali.com

sagamoreca.com

sandisyardsale.com

happizi.com

moonchildboxco.store

maquillajembp.com

sojubythebay.com

verdexwellness.com

authenticperiod.cloud

bitpreserve.com

Targets

    • Target

      FtLroeD5Kmr6rNC.exe

    • Size

      734KB

    • MD5

      c8208e09703f024933544517fb4db4a3

    • SHA1

      0f6b53720c7556d04c5fed4b07084f86fd115480

    • SHA256

      ee4b567e9ec4039e3494f812a70c14c02865b600a2356e3f5906ac520242839f

    • SHA512

      637668d98a88d73b496fb5c3fb928ab018ece33947cacf8ca7cb42d3874967d07cc995357b8710bc451d1301bb0e41e5000cdfa4f56548f7b983313fd49b358e

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks