General

  • Target

    24f9d7832d2ec8673c62aea51e58717e.exe

  • Size

    891KB

  • Sample

    210119-nk54pz2f1x

  • MD5

    24f9d7832d2ec8673c62aea51e58717e

  • SHA1

    782d70219eda646b7b134e26bd41ac71b90800f2

  • SHA256

    7b5c683c8f9571d55f21bdd73cec4b0f39a169265e58c5877ca94203e61548af

  • SHA512

    f20fab6b7de97b2b95088f5684ab50c074645259672685429189bbef158515ae392c212f5a15fd23bdc0e11b764ff45f4a1f2d98765f63ab58034ff9c0f965b0

Malware Config

Extracted

  • Family

    formbook

  • C2

    http://www.rizrvd.com/bw82/

  • Decoy

    fundamentaliemef.com
    gallerybrows.com
    leadeligey.com
    octoberx2.online
    climaxnovels.com
    gdsjgf.com
    curateherstories.com
    blacksailus.com
    yjpps.com
    gmobilet.com
    fcoins.club
    foreverlive2027.com
    healthyfifties.com
    wmarquezy.com
    housebulb.com
    thebabyfriendly.com
    primajayaintiperkasa.com
    learnplaychess.com
    chrisbubser.digital
    xn--avenr-wsa.com

Targets

    • Target

      24f9d7832d2ec8673c62aea51e58717e.exe

    • Size

      891KB

    • MD5

      24f9d7832d2ec8673c62aea51e58717e

    • SHA1

      782d70219eda646b7b134e26bd41ac71b90800f2

    • SHA256

      7b5c683c8f9571d55f21bdd73cec4b0f39a169265e58c5877ca94203e61548af

    • SHA512

      f20fab6b7de97b2b95088f5684ab50c074645259672685429189bbef158515ae392c212f5a15fd23bdc0e11b764ff45f4a1f2d98765f63ab58034ff9c0f965b0

    • Formbook

      Formbook is a data-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks