Overview

overview

10

Static

static

68249e5a45...82.exe

windows7_x64

10

68249e5a45...82.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    68249e5a459f6b16aa2aec9ea67cf482.exe

  • Size

    1.4MB

  • Sample

    210120-caelc1nmy6

  • MD5

    68249e5a459f6b16aa2aec9ea67cf482

  • SHA1

    0e5b7ebda23ef4de9f8fa496587f015e65d6a8b1

  • SHA256

    4852c82f847938224365300b4fa89e8b3921e3b9d37f2c2b75605184f81ea9d2

  • SHA512

    15d6648a2eaba275377da7b33e7450d6808432a3ff822cca87027c80c59f745fbef91393b6f8094936a981c19eded26386ab675660f6fd04bf2201e4dfa28369

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.classifoods.com/oean/

Decoy

keboate.club

whitehatiq.com

loimtech.com

icaroagencia.com

snigglez.com

noreservationsxpress.com

villacascabel.com

5037adairway.com

growingequity.fund

stafffully.com

bingent.info

tmssaleguarantee.com

neonatalfeedrates.com

george-beauty.com

oraghallaighjourney.net

zunutrition.com

sylkysmooveentertainment.com

ddmns6tzey2d.com

dvcstay.com

304shaughnessygreen.info

Targets

    • Target

      68249e5a459f6b16aa2aec9ea67cf482.exe

    • Size

      1.4MB

    • MD5

      68249e5a459f6b16aa2aec9ea67cf482

    • SHA1

      0e5b7ebda23ef4de9f8fa496587f015e65d6a8b1

    • SHA256

      4852c82f847938224365300b4fa89e8b3921e3b9d37f2c2b75605184f81ea9d2

    • SHA512

      15d6648a2eaba275377da7b33e7450d6808432a3ff822cca87027c80c59f745fbef91393b6f8094936a981c19eded26386ab675660f6fd04bf2201e4dfa28369

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks