General

  • Target

    BEF20201801.exe

  • Size

    1.2MB

  • Sample

    210119-jz5mnv7b9e

  • MD5

    06e4d811d6a0234e3c4ef9eba38fd5a1

  • SHA1

    bbbd38280ad7fa5e36ba27a16873941613ae6e52

  • SHA256

    337be490c64d6bf931577dd90ea28277392a46ea541b61f1574dcd75aab02b0f

  • SHA512

    52223bef10103e10d56b3054c67baf088f70b6a88c13ac525d79f11ff385680288d1184c89da92a7aa9c9bcbdf1f8eb23881df1e9a9c3439236f77809953e209

Malware Config

Extracted

Family

formbook

C2

http://www.a-emeservice.com/m8ec/

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks