Overview

overview

10

Static

static

Request fo...on.exe

windows7_x64

10

Request fo...on.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Request for Quotation.exe

  • Size

    1.0MB

  • Sample

    210119-e98swdzdmj

  • MD5

    7f2ab7a73897ef184b2b2f88c441f7b2

  • SHA1

    ba88609508657b04c665d15b9fec27565810aec9

  • SHA256

    ae8f3d13092dbd9ac0a490c691eefafe0026e44148a9df896d6b5b8edceb5284

  • SHA512

    6aa465396a70f43812e2b19da321ce02bd2a018108dd8fd29c1b9beac0d787979a15d8cebf5d62b38cc38eadada54a6b0c7a2aa0977ceedf9caef1229edd81d8

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.outtheframecustoms.com/9t6k/

Decoy

parklineemployerperks.com

container-hq.com

harzproductions.com

wweebtedge.com

sandiegosalesandleasing.com

ri-web-dev.com

ufomars.com

countrybarndogkennel.com

imakestuff.xyz

lnmqjy.com

martialarttemple.com

jermaine-williams.com

ahomedokita.com

buttsliders.com

3344cq.com

umkxmhopi.icu

houstonlasertreatment.com

makingdoathome.com

ladysativamarketing.com

shroomgiant.com

Targets

    • Target

      Request for Quotation.exe

    • Size

      1.0MB

    • MD5

      7f2ab7a73897ef184b2b2f88c441f7b2

    • SHA1

      ba88609508657b04c665d15b9fec27565810aec9

    • SHA256

      ae8f3d13092dbd9ac0a490c691eefafe0026e44148a9df896d6b5b8edceb5284

    • SHA512

      6aa465396a70f43812e2b19da321ce02bd2a018108dd8fd29c1b9beac0d787979a15d8cebf5d62b38cc38eadada54a6b0c7a2aa0977ceedf9caef1229edd81d8

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks