Overview

overview

10

Static

static

53f49109a1...cd.exe

windows7_x64

10

53f49109a1...cd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53f49109a1c5fa77ec3c4557011a50cd.exe

  • Size

    1.4MB

  • Sample

    210119-b4954spkn2

  • MD5

    53f49109a1c5fa77ec3c4557011a50cd

  • SHA1

    ca395941866606ea268b1f3d6382c773f24f7ac3

  • SHA256

    2d876129c69f0f4be0c87aeb20cdc38ae8f5db29bea6f87807946b89e0b61a50

  • SHA512

    c1d2431c060ea7297e9c1491b88f738a9bba77e402110274b5464d0cb8a65470f212444d0bbb80fd70d23cccefbe7ba52fd1d79a68e48e908f0c41a848f5cbb5

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.herbmedia.net/csv8/

Decoy

slgacha.com

oohdough.com

6983ylc.com

aykassociate.com

latin-hotspot.com

starrockindia.com

beamsubway.com

queensboutique1000.com

madbaddie.com

bhoomimart.com

ankitparivar.com

aldanasanchezmx.com

citest1597669833.com

cristianofreitas.com

myplantus.com

counterfeitmilk.com

8xf39.com

pregnantwomens.com

yyyut6.com

stnanguo.com

Targets

    • Target

      53f49109a1c5fa77ec3c4557011a50cd.exe

    • Size

      1.4MB

    • MD5

      53f49109a1c5fa77ec3c4557011a50cd

    • SHA1

      ca395941866606ea268b1f3d6382c773f24f7ac3

    • SHA256

      2d876129c69f0f4be0c87aeb20cdc38ae8f5db29bea6f87807946b89e0b61a50

    • SHA512

      c1d2431c060ea7297e9c1491b88f738a9bba77e402110274b5464d0cb8a65470f212444d0bbb80fd70d23cccefbe7ba52fd1d79a68e48e908f0c41a848f5cbb5

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks