Overview

overview

10

Static

static

Draft FCR-HBL.exe

windows7_x64

10

Draft FCR-HBL.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Draft FCR-HBL.exe

  • Size

    642KB

  • Sample

    210115-9hnpphwxh6

  • MD5

    cca5f563da874fee695fd34f35d9692a

  • SHA1

    727fb4e81e190f36516432e2d3e07c22e7534ca5

  • SHA256

    5cd75052c82b5ff0cc1261075c4fdb060c21062c72525508cbb75e44683f6d0b

  • SHA512

    7ae58590d4540eac9cda384adb1d7fb206d4c9086cdfd5797a3add87eb60025f92824ed63ceeda578303adde0f247ca701f3904762eacda5cd9d99c22811c5f6

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.basketballcardgame.com/mmfg/

Decoy

sweetlifeandstyle.com

testhomesteaddomain.com

findersforce.com

tmobitvmall.com

wishganmet.info

shimizuvps.com

onfirecreativegroup.com

jeremyroywilliams.com

utopiabangkok.com

caiwweizipper.com

kvartira.credit

shreesakthifoods.com

redirmsg.com

ellopooch.com

casinossurveillancenetwork.com

taskso.com

aaoficial.life

jointwellscap.com

katecorc.com

talkbirds.com

Targets

    • Target

      Draft FCR-HBL.exe

    • Size

      642KB

    • MD5

      cca5f563da874fee695fd34f35d9692a

    • SHA1

      727fb4e81e190f36516432e2d3e07c22e7534ca5

    • SHA256

      5cd75052c82b5ff0cc1261075c4fdb060c21062c72525508cbb75e44683f6d0b

    • SHA512

      7ae58590d4540eac9cda384adb1d7fb206d4c9086cdfd5797a3add87eb60025f92824ed63ceeda578303adde0f247ca701f3904762eacda5cd9d99c22811c5f6

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks