Overview

overview

10

Static

static

TEC20201601.exe

windows7_x64

1

TEC20201601.exe

windows10_x64

10

Resubmissions

17-01-2021 17:09

210117-b6h1y37z22 10

16-01-2021 07:37

210116-a3w2es64as 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TEC20201601.exe

  • Size

    1.2MB

  • Sample

    210117-b6h1y37z22

  • MD5

    19682ff802fd6fc13c896ba4572e9edc

  • SHA1

    c52eed4a18f23464ef7c8968c4a7cad63564d2e6

  • SHA256

    73384c630a5bcbb5201f567aa142fc712df5c2ceb9b61c301a5e4a025af2b3ca

  • SHA512

    31b65796fa7de32a80ab5244edea91642cca0b3161bd82a93d5601bd1f9b28b5de6a6647a053dfcfca2d10a54165dcdff9f221cb49690707b9a4a85719a56dc1

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.a-emeservice.com/m8ec/

Decoy

thomascraigwealth.com

melbournemedicalhealth.net

tdxcoin.com

lukassbprojects.net

aldemallc.com

moqawalat-kuwait.com

txcsco.com

jobcarepro.com

sedotwcmedanmurah.com

niconthenine.com

radliffrehab.com

infiniteechogroup.com

stellantis-luxury-rent.com

ibusehat.info

resellerauctions.com

softwarexprogrammers.com

bumpnlifestyle.com

mintmacher.com

partapprintercare.com

justrightinsurance.com

Targets

    • Target

      TEC20201601.exe

    • Size

      1.2MB

    • MD5

      19682ff802fd6fc13c896ba4572e9edc

    • SHA1

      c52eed4a18f23464ef7c8968c4a7cad63564d2e6

    • SHA256

      73384c630a5bcbb5201f567aa142fc712df5c2ceb9b61c301a5e4a025af2b3ca

    • SHA512

      31b65796fa7de32a80ab5244edea91642cca0b3161bd82a93d5601bd1f9b28b5de6a6647a053dfcfca2d10a54165dcdff9f221cb49690707b9a4a85719a56dc1

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks