General

  • Target

    spptqzbEyNlEJvj.exe

  • Size

    801KB

  • Sample

    210114-46awa3e6xn

  • MD5

    fac6e34cc6144304a2a4c9f59ad426cb

  • SHA1

    c28d46950f2f4f163fca3fb042d33ab23a7c81e1

  • SHA256

    43822089dc4bbbe3800a980d2ac64435c0b00dd18648c0fd56dda65b11af5a35

  • SHA512

    3fbc3a9e6d707468d53cf5e0244b5e4c58a85e822605a4cd71b127620736a90d23915a5ba5eaaed825cd55da61e64b7efde7a2c8e6dd6909fa17acff1eb78ccc

Malware Config

Extracted

Family

formbook

C2

http://www.asicprominer.com/umSa/

Decoy

lessensations.com

growcerybank.com

rvworkforce.com

djangosports.com

jgrosinger.com

tongjiash.com

rianebrady.com

xiaoxu.info

allwaysautism.com

couturev.com

dantedikhali.com

sagamoreca.com

sandisyardsale.com

happizi.com

moonchildboxco.store

maquillajembp.com

sojubythebay.com

verdexwellness.com

authenticperiod.cloud

bitpreserve.com

Targets

    • Target

      spptqzbEyNlEJvj.exe

    • Size

      801KB

    • MD5

      fac6e34cc6144304a2a4c9f59ad426cb

    • SHA1

      c28d46950f2f4f163fca3fb042d33ab23a7c81e1

    • SHA256

      43822089dc4bbbe3800a980d2ac64435c0b00dd18648c0fd56dda65b11af5a35

    • SHA512

      3fbc3a9e6d707468d53cf5e0244b5e4c58a85e822605a4cd71b127620736a90d23915a5ba5eaaed825cd55da61e64b7efde7a2c8e6dd6909fa17acff1eb78ccc

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks