General

  • Target

    payment _doc.exe

  • Size

    884KB

  • Sample

    210119-sxgkpyj9qx

  • MD5

    d65c9fe128d2294055cc9b3238e67c07

  • SHA1

    1495109fc0760f4becd195b790206a0fc00b89ce

  • SHA256

    ad03ca16b05c593894d3cf90ea6ebe56f3ce6dc94dc0675234f357893f3aadfa

  • SHA512

    60b9fb9c9d159dac7d9a486ebf7dba7387ac45ab184857a0721d59e2a78dc4a4e074b80126d912d4a00351345f564e283ef2bf7630c437147d398a52b4f9fb21

Malware Config

Extracted

Family

formbook

C2

http://www.bimtracks.com/e3eb/

Decoy

jrgsestates.com

xpress-supplies.com

manniramart.com

2800delaware.com

abeltobaygo.com

audiologiamallorca.com

motormaniaintl.com

millennialluxuryliving.com

wrightrealestates.com

servicesguide.online

ignitejob.com

overdoza.com

deliveringcarsanywhere.com

lojahellomundo.com

245245.xyz

ngdbusa.com

bandarnalo.network

microbekr.com

myflycodes.club

weatherstationpolinema2020.com

Targets

    • Target

      payment _doc.exe

    • Size

      884KB

    • MD5

      d65c9fe128d2294055cc9b3238e67c07

    • SHA1

      1495109fc0760f4becd195b790206a0fc00b89ce

    • SHA256

      ad03ca16b05c593894d3cf90ea6ebe56f3ce6dc94dc0675234f357893f3aadfa

    • SHA512

      60b9fb9c9d159dac7d9a486ebf7dba7387ac45ab184857a0721d59e2a78dc4a4e074b80126d912d4a00351345f564e283ef2bf7630c437147d398a52b4f9fb21

    • Formbook

      Formbook is a data-stealing malware family.

    • Xloader

      Xloader is a rebranded version of the Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks