General

  • Target: PO-RY 001-21 Accuri.jar
  • Size: 372KB
  • Sample: 210119-ehtflrh3k6
  • MD5: c57bb7c025860397afdef61c676ead90
  • SHA1: 6b2195e0b140ad27c5fd909f4944b5a63c2a6e08
  • SHA256: 63b3402660ff4a015ff3bf516ece2da73234e315f5b0b7235ef3c4523d846152
  • SHA512: 7f1ddd540b4cb316101e1facb8a217047d607b7bcd9e888f020d2ca4fa46f0e04747fc465424f87c7e1a4c8713aa84bb34b33f4e2b97edb16d4c66392f90f6bd

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.dmvantalya.com/bnuw/
  • Decoy


Targets

    • Formbook: Formbook is a data-stealing malware family.
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Execution             Command-Line Interface        1      T1059
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Defense Evasion       Modify Registry               1      T1112
  Discovery             Query Registry                2      T1012
  Discovery             System Information Discovery  3      T1082

Tasks