General

  • Target: YUAN PAYMENT.exe
  • Size: 1.2MB
  • Sample: 210116-nnlrv2194e
  • MD5: c3548520f4207f36dff807aaca9374d7
  • SHA1: a9e11e5e8624b789a8e7dd2d6b4e8d8a86b8fae5
  • SHA256: 098a33a70506458d7e349d06aac9ca3e3a2a3f73efa39d82942eeff3adc24509
  • SHA512: 5260a481fb96f905782b3e65db67d6e7e7216ca39da05980b724af1acbb2681ff69a405f5999f0e2685b9c20a7a833f0ed3a56ca512e99e08507305b84e9df25

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.a-emeservice.com/m8ec/
  • Decoy domains:
    thomascraigwealth.com
    melbournemedicalhealth.net
    tdxcoin.com
    lukassbprojects.net
    aldemallc.com
    moqawalat-kuwait.com
    txcsco.com
    jobcarepro.com
    sedotwcmedanmurah.com
    niconthenine.com
    radliffrehab.com
    infiniteechogroup.com
    stellantis-luxury-rent.com
    ibusehat.info
    resellerauctions.com
    softwarexprogrammers.com
    bumpnlifestyle.com
    mintmacher.com
    partapprintercare.com
    justrightinsurance.com

Targets

    • Target: YUAN PAYMENT.exe
    • Size: 1.2MB
    • MD5: c3548520f4207f36dff807aaca9374d7
    • SHA1: a9e11e5e8624b789a8e7dd2d6b4e8d8a86b8fae5
    • SHA256: 098a33a70506458d7e349d06aac9ca3e3a2a3f73efa39d82942eeff3adc24509
    • SHA512: 5260a481fb96f905782b3e65db67d6e7e7216ca39da05980b724af1acbb2681ff69a405f5999f0e2685b9c20a7a833f0ed3a56ca512e99e08507305b84e9df25
    • Formbook: Formbook is an information-stealing malware family.
    • Xloader: Xloader is a rebranded version of the Formbook malware.
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
