Overview

overview

10

Static

static

Bank details.exe

windows7_x64

10

Bank details.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bank details.exe

  • Size

    887KB

  • Sample

    210119-yml1ry8p8x

  • MD5

    3eec66e80f478d2730d7e128d393460d

  • SHA1

    b86c0705c6b9cf3101f7d5fa17d094ec7cb3d3da

  • SHA256

    6acec5800bb6a457e47029754e9eb7d6bf405ff56ea9f074741dabfdac141c18

  • SHA512

    5a9425722539d2053b39962ee2b6f3df61c896946664638b180723979a6b024f8c3d5c7d48dcba5eb00bc93f1498744919f9d1790662e851c9bfd3f45905cdfa

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.lensinlens.com/ehxh/

Decoy

financialaccompany.com

face2bouk.com

blazedisinfecting.com

providaconsultinggroup.com

distriautosdelpacifico.com

myaduhelm.com

thangmaygiatot.com

nuevasantatecla.com

endpedophiles.com

alwanps.com

anzi-studio.com

twoswinginghammers.com

curbedinc.com

purecleantn.com

4levelsplit.com

talklinecall.com

egypte-vakanties.com

xzntfwof.icu

sosyoclassic.com

adjoalearningacademy.com

Targets

    • Target

      Bank details.exe

    • Size

      887KB

    • MD5

      3eec66e80f478d2730d7e128d393460d

    • SHA1

      b86c0705c6b9cf3101f7d5fa17d094ec7cb3d3da

    • SHA256

      6acec5800bb6a457e47029754e9eb7d6bf405ff56ea9f074741dabfdac141c18

    • SHA512

      5a9425722539d2053b39962ee2b6f3df61c896946664638b180723979a6b024f8c3d5c7d48dcba5eb00bc93f1498744919f9d1790662e851c9bfd3f45905cdfa

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks