Overview

overview

10

Static

static

VM ASIAN C...N.xlsx

windows7_x64

10

VM ASIAN C...N.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VM ASIAN CHAMPION.xlsx

  • Size

    2.3MB

  • Sample

    210114-ne6cwkr7wj

  • MD5

    70e08fe3de511ea1c49386b235f29787

  • SHA1

    9f2bd146123e5f51b40300146c0151b11c84e7b2

  • SHA256

    19400ad90a61f870637312b6f21305829b608cdde97e80904df1adb07793c733

  • SHA512

    8994961b3d40af1b416cfb48bb403d87df36e132730020cdee48ffdcad378ab94480c14189c68458ec56aa194dcfcb4fd62b77d48da723bb72ceb0db4410b512

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.thejusticeadvantageseminars.com/qccq/

Decoy

webuynyhouses.com

love-nepal.com

gardening-mistakes.com

495honda.com

newcuus.com

alefinvest.com

delhikigully.com

aznri4z9gtky4.net

hanswiemannbyaderans.com

mecaldiesel.com

akshen.net

y-agency.net

ahrohishrestha.com

arthalvorsonforcongress.com

mvmcompany.net

qyjjsk.com

yescoop.com

esergedrghwebrgqrq.xyz

kellyharmonedconsulting.com

deliciosatentacion.com

Targets

    • Target

      VM ASIAN CHAMPION.xlsx

    • Size

      2.3MB

    • MD5

      70e08fe3de511ea1c49386b235f29787

    • SHA1

      9f2bd146123e5f51b40300146c0151b11c84e7b2

    • SHA256

      19400ad90a61f870637312b6f21305829b608cdde97e80904df1adb07793c733

    • SHA512

      8994961b3d40af1b416cfb48bb403d87df36e132730020cdee48ffdcad378ab94480c14189c68458ec56aa194dcfcb4fd62b77d48da723bb72ceb0db4410b512

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks