Overview

overview

10

Static

static

Busan Korea.exe

windows7_x64

10

Busan Korea.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Busan Korea.exe

  • Size

    1.1MB

  • Sample

    210118-zlx85kfapx

  • MD5

    c463ffa063af5cde7ad2a0aaf726854a

  • SHA1

    64b49f2fbc2bbc943ddfc3515ecb6a3092ebf47c

  • SHA256

    cb791f412d5932e2488323eb036e19c6f495d1e89f6fcbbd0f4b81efba432378

  • SHA512

    076bd2ae39edc6acf501c925d0acb1a38e087fd2cd88e47463c0815bff6947828adffc610b0354fcc87ae43b95471ea4e4773349da1dcb6cd5d7128af8f497ae

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.valiantbranch.com/0wdn/

Decoy

inclusivefamilybookshop.com

hollyjmillsphotography.com

mojavewellnessaz.com

cookies-x.info

trainingkanban.com

tempoborough.life

mayalv.com

mbsgiftstore.com

vanjele.com

serieshaha.com

jlbstructural.com

topkids.asia

thejoyofleather.com

qvujxa.com

anythinginworld.com

danielablason.com

smartphoneloops.com

thisisauckland.com

cityelectricals.com

revati-thenoir.com

Targets

    • Target

      Busan Korea.exe

    • Size

      1.1MB

    • MD5

      c463ffa063af5cde7ad2a0aaf726854a

    • SHA1

      64b49f2fbc2bbc943ddfc3515ecb6a3092ebf47c

    • SHA256

      cb791f412d5932e2488323eb036e19c6f495d1e89f6fcbbd0f4b81efba432378

    • SHA512

      076bd2ae39edc6acf501c925d0acb1a38e087fd2cd88e47463c0815bff6947828adffc610b0354fcc87ae43b95471ea4e4773349da1dcb6cd5d7128af8f497ae

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks