Overview

overview

10

Static

static

eaae6c9626...bf.exe

windows7_x64

10

eaae6c9626...bf.exe

windows10_x64

10

Resubmissions

17-01-2021 17:37

210117-8783bhgtqn 10

16-01-2021 07:26

210116-jmhdlhy2pe 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eaae6c96269eff1ba5834ce343a2d1bf.exe

  • Size

    395KB

  • Sample

    210116-jmhdlhy2pe

  • MD5

    eaae6c96269eff1ba5834ce343a2d1bf

  • SHA1

    23917bba7902c5c54f36f863b374795ac5615324

  • SHA256

    57fcc02e839d4ae0b8965ed55738960a952006f5e70ee1317f2bfacb97a43a5f

  • SHA512

    c494c998ff4997e72265db49d13e6ed6d5db05d36ac9ed3b19a65664b11f79f7c99ea8ad442e053eed97b14cb5cf4c329202781522de97a1ab35a143e2d5c243

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.herbmedia.net/csv8/

Decoy

slgacha.com

oohdough.com

6983ylc.com

aykassociate.com

latin-hotspot.com

starrockindia.com

beamsubway.com

queensboutique1000.com

madbaddie.com

bhoomimart.com

ankitparivar.com

aldanasanchezmx.com

citest1597669833.com

cristianofreitas.com

myplantus.com

counterfeitmilk.com

8xf39.com

pregnantwomens.com

yyyut6.com

stnanguo.com

Targets

    • Target

      eaae6c96269eff1ba5834ce343a2d1bf.exe

    • Size

      395KB

    • MD5

      eaae6c96269eff1ba5834ce343a2d1bf

    • SHA1

      23917bba7902c5c54f36f863b374795ac5615324

    • SHA256

      57fcc02e839d4ae0b8965ed55738960a952006f5e70ee1317f2bfacb97a43a5f

    • SHA512

      c494c998ff4997e72265db49d13e6ed6d5db05d36ac9ed3b19a65664b11f79f7c99ea8ad442e053eed97b14cb5cf4c329202781522de97a1ab35a143e2d5c243

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks