Overview

overview

10

Static

static

Purchase O...df.exe

windows7_x64

10

Purchase O...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order_pdf.exe

  • Size

    519KB

  • Sample

    210118-3s18le8btx

  • MD5

    b5e5802e37b01b3aa324090e4fc0af3a

  • SHA1

    ad98482ee1e4c90d5ffc19b3ec4720a332f0800a

  • SHA256

    f73c1a2549b119a5de3964cdcbbdbefbaca205e1f149b4d77688a92285b4d20b

  • SHA512

    53fb3b2ed4552302ad3d24cf437bf8ed95a593fe2242bec5392983e64c1b602d45fca3d71033fbc0113b7fefb4a2f0d67b0d9a66bf5ada7da5c485e1ef64517b

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.chuanxingtong.com/j5an/

Decoy

xwwgj.com

release-paypal.com

investorshighway.com

maglex.info

chenangopistolpermit.com

thebihareye.com

sanjosemasks.com

foremanmotors.com

stadtstreicherin.com

9247pf.com

erenvincplatform.xyz

cushcaps.com

flatisteam.com

kojyouibennto.com

rahmatsuparman.com

vallyfades.online

metropitstop.com

shopasha.com

windycitycreditsolutions.com

uproxysite.com

Targets

    • Target

      Purchase Order_pdf.exe

    • Size

      519KB

    • MD5

      b5e5802e37b01b3aa324090e4fc0af3a

    • SHA1

      ad98482ee1e4c90d5ffc19b3ec4720a332f0800a

    • SHA256

      f73c1a2549b119a5de3964cdcbbdbefbaca205e1f149b4d77688a92285b4d20b

    • SHA512

      53fb3b2ed4552302ad3d24cf437bf8ed95a593fe2242bec5392983e64c1b602d45fca3d71033fbc0113b7fefb4a2f0d67b0d9a66bf5ada7da5c485e1ef64517b

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks