General

  • Target

    QN-03507-20.exe

  • Size

    582KB

  • Sample

    210114-p6r712y396

  • MD5

    00aca09af0da80222fa4d918916eb380

  • SHA1

    9dcbdbdb9f4e569dab054427a17ec145b016135b

  • SHA256

    b2c722497192e585403d800c2b34bc14ed8c7ea9b0f2b4e8c7b7951b645cd319

  • SHA512

    4ecc0084cc57c02974cf2c0144ad7692fcf1baa645ead37924841c98b70866215ed95c120c33217e35a42205e9b46364f8c8dfecf9a1b65c31084cfe5fa79be0

Malware Config

Extracted

Family

formbook

C2

http://www.basketballcardgame.com/mmfg/

Decoy

sweetlifeandstyle.com

testhomesteaddomain.com

findersforce.com

tmobitvmall.com

wishganmet.info

shimizuvps.com

onfirecreativegroup.com

jeremyroywilliams.com

utopiabangkok.com

caiwweizipper.com

kvartira.credit

shreesakthifoods.com

redirmsg.com

ellopooch.com

casinossurveillancenetwork.com

taskso.com

aaoficial.life

jointwellscap.com

katecorc.com

talkbirds.com
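The config above has the shape typical of this family: a single C2 URL with a path (/mmfg/) plus a list of decoy domains carried in the same configuration. The decoys are generally legitimate, unrelated sites, so a hit on one of them alone is a weak signal, while a request to the C2 host on the C2 path is a strong one. The following script is an added example, not part of the report or the sandbox's own tooling; it loads the indicators listed above into a small matcher, normalizes hostnames (case, trailing dot, leading www.) so the C2 is matched whether or not the www. prefix appears, and runs it over a constructed proxy log to separate C2 hits from decoy hits. The log lines, the log format and the client addresses are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Indicators taken from the report above. The C2 is the only entry that
# carries a path; every other domain is a decoy from the same config.
C2_URL = "http://www.basketballcardgame.com/mmfg/"
DECOY_DOMAINS = [
    "sweetlifeandstyle.com", "testhomesteaddomain.com", "findersforce.com",
    "tmobitvmall.com", "wishganmet.info", "shimizuvps.com",
    "onfirecreativegroup.com", "jeremyroywilliams.com", "utopiabangkok.com",
    "caiwweizipper.com", "kvartira.credit", "shreesakthifoods.com",
    "redirmsg.com", "ellopooch.com", "casinossurveillancenetwork.com",
    "taskso.com", "aaoficial.life", "jointwellscap.com", "katecorc.com",
    "talkbirds.com",
]


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' so that
    www.example.com, example.com and EXAMPLE.COM. all compare equal."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = normalize_host(urlsplit(C2_URL).hostname)   # basketballcardgame.com
C2_PATH = urlsplit(C2_URL).path                        # /mmfg/
DECOYS = {normalize_host(d) for d in DECOY_DOMAINS}


@dataclass
class Hit:
    line_no: int
    client: str
    host: str
    kind: str   # "c2" (host and path), "c2-host" (host only) or "decoy"


def classify_url(url: str) -> Optional[str]:
    """Return the indicator class for a URL, or None if it matches nothing."""
    parts = urlsplit(url)
    if not parts.hostname:
        return None
    host = normalize_host(parts.hostname)
    if host == C2_HOST:
        return "c2" if parts.path.startswith(C2_PATH) else "c2-host"
    if host in DECOYS:
        return "decoy"
    return None


# Constructed proxy log (not from the report): "<ts> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2021-01-14T10:02:11Z 10.0.0.17 GET http://www.basketballcardgame.com/mmfg/?abc=1 200
2021-01-14T10:02:12Z 10.0.0.17 GET http://sweetlifeandstyle.com/mmfg/ 404
2021-01-14T10:02:13Z 10.0.0.17 GET http://findersforce.com/ 200
2021-01-14T10:02:14Z 10.0.0.23 GET http://www.example.org/index.html 200
2021-01-14T10:02:15Z 10.0.0.17 POST http://basketballcardgame.com/other/ 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def scan_log(text: str) -> List[Hit]:
    """Match every log line against the C2 and decoy indicators."""
    hits: List[Hit] = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that do not fit the format
        client, url = m.group(2), m.group(4)
        kind = classify_url(url)
        if kind:
            hits.append(Hit(n, client, normalize_host(urlsplit(url).hostname), kind))
    return hits


def suspicious_clients(text: str) -> Dict[str, List[str]]:
    """Clients that reached the C2 path, with every indicator class they touched.
    Decoy-only clients are deliberately left out: the decoys are ordinary sites."""
    kinds: Dict[str, set] = {}
    for h in scan_log(text):
        kinds.setdefault(h.client, set()).add(h.kind)
    return {c: sorted(k) for c, k in kinds.items() if "c2" in k}


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} -> {h.host} [{h.kind}]")
    print(suspicious_clients(SAMPLE_LOG))
```

Against the constructed log, the first line is a full C2 match, lines 2 and 3 are decoy hits, the example.org request matches nothing, and the last line is flagged as the C2 host on a different path. Only 10.0.0.17 is reported as suspicious, since it reached the C2 path; a client that only touched decoy domains would not be, which keeps the list of benign decoy sites from turning into a block list.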

Targets

    • Target

      QN-03507-20.exe

    • Size

      582KB

    • MD5

      00aca09af0da80222fa4d918916eb380

    • SHA1

      9dcbdbdb9f4e569dab054427a17ec145b016135b

    • SHA256

      b2c722497192e585403d800c2b34bc14ed8c7ea9b0f2b4e8c7b7951b645cd319

    • SHA512

      4ecc0084cc57c02974cf2c0144ad7692fcf1baa645ead37924841c98b70866215ed95c120c33217e35a42205e9b46364f8c8dfecf9a1b65c31084cfe5fa79be0

    • Formbook

      Formbook is an information stealer: it grabs data submitted in web forms, harvests stored browser and email-client credentials, logs keystrokes and clipboard contents, and takes screenshots, then exfiltrates them to the C2 listed in the extracted config.

    • Xloader

      Xloader is the rebranded continuation of Formbook, which is why both family signatures match the same sample here.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
