General

  • Target

    Solicitud de presupuesto.exe

  • Size

    463KB

  • Sample

    210114-ed6y8patjn

  • MD5

    c210b2139d4b19d8f5f737f45e893289

  • SHA1

    c02471a24902a11779cef4cec8b0bd9d7de813dc

  • SHA256

    8dcbbb73c0afe52777190faea7b3c0c5bf89407a20d1e24784e7afe7f163ba1a

  • SHA512

    336fcfdf875fdaa9cabe9794598c74908d76139fc2bfbac84cf90b67f78940c63f67a605f584ad6d354f62763d0b72b1b3a772f8a6d3c523eed8ecac686f5449

Malware Config

Extracted

Family

formbook

C2

http://www.smallcoloradoweddings.com/kio8/

Decoy

greeaircondition.com

thewilmingtonguide.com

cbluedotlivewdmall.com

globalcrime24.com

heightsplace.com

ghar.pro

asosbira.com

melolandia.com

velactun.com

erniesimms.com

nutbullet.com

drizzerstr.com

hnqym888.com

ghorowaseba.com

1317efoxchasedrive.info

stjudetroop623.com

facestaj.com

airpromaskaccessories.com

wolfetailors.com

56ohdc2016.com

Targets

    • Target

      Solicitud de presupuesto.exe

    • Size

      463KB

    • MD5

      c210b2139d4b19d8f5f737f45e893289

    • SHA1

      c02471a24902a11779cef4cec8b0bd9d7de813dc

    • SHA256

      8dcbbb73c0afe52777190faea7b3c0c5bf89407a20d1e24784e7afe7f163ba1a

    • SHA512

      336fcfdf875fdaa9cabe9794598c74908d76139fc2bfbac84cf90b67f78940c63f67a605f584ad6d354f62763d0b72b1b3a772f8a6d3c523eed8ecac686f5449

    • Formbook

      Formbook is a data-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    T1059 Command-Line Interface (1)

  • Discovery

    T1082 System Information Discovery (1)

Tasks