General

  • Target

    9tyZf93qRdNHfVw.exe

  • Size

    930KB

  • Sample

    210118-r21e42lxhj

  • MD5

    2967ace274e8984c8543c386a8d0f3e2

  • SHA1

    aba6f9d379b6a75b84e1a03ea7cc89d13c952b55

  • SHA256

    00b4306bf3aa94183358ece86c01bb245ca2e39ba0a2d56f5b9d8b50c3ba3e91

  • SHA512

    88fd9f24c435bcc411a705f4e262ca8ff44ab8df555fb0653cb110769820155c73901ab06784777974e18abaeba58ad97ad12319cb7d68d3128dda7228162d4f

Malware Config

Extracted

Family

formbook

C2

http://www.besteprobioticakopen.online/uszn/

Decoy

animegriptape.com

pcpnetworks.com

putupmybabyforadoption.com

xn--jvrr98g37n88d.com

fertinvitro.doctor

undonethread.com

avoleague.com

sissysundays.com

guilhermeoliveiro.site

catholicon-bespeckle.info

mardesuenosfundacion.com

songkhoe24.site

shoecityindia.com

smallbathroomdecor.info

tskusa.com

prairiespringsllc.com

kegncoffee.com

clicklounge.xyz

catholicendoflifeplanning.com

steelobzee.com

Targets

    • Target

      9tyZf93qRdNHfVw.exe

    • Size

      930KB

    • MD5

      2967ace274e8984c8543c386a8d0f3e2

    • SHA1

      aba6f9d379b6a75b84e1a03ea7cc89d13c952b55

    • SHA256

      00b4306bf3aa94183358ece86c01bb245ca2e39ba0a2d56f5b9d8b50c3ba3e91

    • SHA512

      88fd9f24c435bcc411a705f4e262ca8ff44ab8df555fb0653cb110769820155c73901ab06784777974e18abaeba58ad97ad12319cb7d68d3128dda7228162d4f

    • Formbook

      Formbook is a data-stealing malware family that harvests credentials and other information from infected hosts.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
