General

  • Target

    3b1d9014124456eb0540384e0525563d.exe

  • Size

    712KB

  • Sample

    210114-yklmr4nxae

  • MD5

    3b1d9014124456eb0540384e0525563d

  • SHA1

    52de9e2843933e5bbcb162a1083e168d787e1c44

  • SHA256

    4c2ffa57352cd1e3b76fdf01f581046245fe70427377823464857ad32189dcba

  • SHA512

    c4418339775e442cd0391bda22f6c77e751ec0f2e545129dea650b8ff23866be309f02eb894bec6e54d104510057014211b929a9d00cf5217e0d342f420dd911

Malware Config

Extracted

Family

formbook

C2

http://www.bodyfuelrtd.com/8rg4/

Decoy

fakecostasunglasses.com

twinbrothers.pizza

jizhoujsp.com

qscrit.com

hotelmanise.com

fer-ua.online

europserver-simcloud.systems

redwap2.pro

betwalkoffame.com

latashalovemillionaire.com

8million-lr.com

tomatrader.com

modaluxcutabovefitness.com

shishijiazu.com

cckytx.com

reversehomeloansmiami.com

imaginenationnetwork.com

thecyclistshop.com

jorgegiljewelry.com

hlaprotiens.com

Targets

    • Target

      3b1d9014124456eb0540384e0525563d.exe

    • Size

      712KB

    • MD5

      3b1d9014124456eb0540384e0525563d

    • SHA1

      52de9e2843933e5bbcb162a1083e168d787e1c44

    • SHA256

      4c2ffa57352cd1e3b76fdf01f581046245fe70427377823464857ad32189dcba

    • SHA512

      c4418339775e442cd0391bda22f6c77e751ec0f2e545129dea650b8ff23866be309f02eb894bec6e54d104510057014211b929a9d00cf5217e0d342f420dd911

    • Formbook

      Formbook is an information-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
