General

  • Target

    Statement for T10495.jar

  • Size

    811KB

  • Sample

    210119-f9zjn269he

  • MD5

    0764a56dda2fd74d87e9303972af246c

  • SHA1

    e0cb38683d4a5e83c4d26cd11cbdd97a42aef8d6

  • SHA256

    1c9bd5c0c394b6aa7606bac0e69e85d65c5321ac6a17d9615d7e3a813bf44193

  • SHA512

    c8835d58181d9f6c51d2b7fa1c980678211a004030d6a5f6fcb4dbfd332df7d1073f7ddc966fe151134357e099af510f0edfb758a462042f74c008ae31d09333

Malware Config

Extracted

Family

formbook

C2

http://www.dmvantalya.com/bnuw/

Decoy

amgggma.com

reptilerus.com

degearboss.com

jennaelsbakeshop.com

invisablescreen.com

beingsingleda.com

2nsupplements.online

12862.xyz

expand.care

romeoalchimistefullmental.com

7750166.com

brendonellis.com

sprayfoamharlemny.com

bukannyaterbuai30.com

boatpiz.com

stylistrx.com

decorationhaven.com

stockaro.com

state728.com

secretlairtoys.com

Targets

    • Formbook

      Formbook is an information-stealing malware.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

    Command-Line Interface (T1059): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks