General

  • Target

    xPkiX7vwNVqQf9I.exe

  • Size

    1.1MB

  • Sample

    210119-kwtzghsld6

  • MD5

    7c551b6169afa66e8966ad53730679ca

  • SHA1

    d32cecce6d8f4dbe0556ad9fd0fc95f5eae93a56

  • SHA256

    d087c47135a5a1f2aff88262dab08a447beb3c9a97aa18ee6a60212d81ee21f7

  • SHA512

    f7652d9621b2d0acc049dfd0a712822b0f81cfc8072652256d9053d1a1193cecf6ad448157423d07bb8426b447eb99cb838f04642579800ea8116bee6711066d

Malware Config

Extracted

  • Family

    formbook

  • C2

    http://www.asicprominer.com/umSa/

  • Decoy


Targets

    • Target

      xPkiX7vwNVqQf9I.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
