Overview

overview

10

Static

static

PO_610.20-...DF.exe

windows7_x64

5

PO_610.20-...DF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO_610.20-21.A2424.UP_PDF.exe

  • Size

    297KB

  • Sample

    210120-wqdfvk4q22

  • MD5

    3ea0aeab9cc01933b5ba3f78e8ceddb4

  • SHA1

    ecd362b4af516f2855607326ffcf684355ec4762

  • SHA256

    feb7ef6e6c842b97b92c82fdba89499c252cc9414874efc7fafae8389dbf0538

  • SHA512

    455f749c00be8dc2108c60f18efd5217b5eb2bf7414871ad82c50a84419d04934702893e90f95adfbcde89bf677c0d78cb636b86670192179327da2ac13d2170

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.chuanxingtong.com/j5an/

Decoy

xwwgj.com

release-paypal.com

investorshighway.com

maglex.info

chenangopistolpermit.com

thebihareye.com

sanjosemasks.com

foremanmotors.com

stadtstreicherin.com

9247pf.com

erenvincplatform.xyz

cushcaps.com

flatisteam.com

kojyouibennto.com

rahmatsuparman.com

vallyfades.online

metropitstop.com

shopasha.com

windycitycreditsolutions.com

uproxysite.com

Targets

    • Target

      PO_610.20-21.A2424.UP_PDF.exe

    • Size

      297KB

    • MD5

      3ea0aeab9cc01933b5ba3f78e8ceddb4

    • SHA1

      ecd362b4af516f2855607326ffcf684355ec4762

    • SHA256

      feb7ef6e6c842b97b92c82fdba89499c252cc9414874efc7fafae8389dbf0538

    • SHA512

      455f749c00be8dc2108c60f18efd5217b5eb2bf7414871ad82c50a84419d04934702893e90f95adfbcde89bf677c0d78cb636b86670192179327da2ac13d2170

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks