General

  • Target

    dira1.exe

  • Size

    704KB

  • Sample

    210120-yvc4r6aw7e

  • MD5

    acafc669f75117421e1a93c8adaac072

  • SHA1

    15903dcfe3f5a37f1e1cbca0b45ab60a4ba08591

  • SHA256

    31f4d8bb8797649e9de2f8adc7b7e679775784d33d686d7c76429c4fe97a7c07

  • SHA512

    7387beb3154f9fa5dbefe5906e06e547e509786ab7fd9fc43663489cd28271341458b46a1f9a9986d414b313669f0c2feefca4e2989fa6df3fe5ccd6af5a9866

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com
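The hashes and the extracted configuration above are the actionable part of this report: Formbook beacons to its real C2 and to the listed decoy domains, so contact with any of these hosts from the same source is worth flagging, and the C2 URI path is shared across those requests. The following Python is an added example, not code from the report or the sandbox; it checks a file's digests against every hash the report gives (not MD5 alone, since MD5 collisions are cheap), normalises the "www." prefix so bare decoy names match the hosts seen on the wire, and classifies hits in proxy log lines. The log format and the log lines themselves are constructed for the example and are not from the report.

```python
import hashlib
import re
from collections import defaultdict
from typing import Optional
from urllib.parse import urlsplit

# Values copied from the report above.
REPORT_HASHES = {
    "md5": "acafc669f75117421e1a93c8adaac072",
    "sha1": "15903dcfe3f5a37f1e1cbca0b45ab60a4ba08591",
    "sha256": "31f4d8bb8797649e9de2f8adc7b7e679775784d33d686d7c76429c4fe97a7c07",
    "sha512": "7387beb3154f9fa5dbefe5906e06e547e509786ab7fd9fc43663489cd28271341458b46a1f9a9986d414b313669f0c2feefca4e2989fa6df3fe5ccd6af5a9866",
}
C2_URL = "http://www.rizrvd.com/bw82/"
DECOYS = [
    "fundamentaliemef.com", "gallerybrows.com", "leadeligey.com", "octoberx2.online",
    "climaxnovels.com", "gdsjgf.com", "curateherstories.com", "blacksailus.com",
    "yjpps.com", "gmobilet.com", "fcoins.club", "foreverlive2027.com",
    "healthyfifties.com", "wmarquezy.com", "housebulb.com", "thebabyfriendly.com",
    "primajayaintiperkasa.com", "learnplaychess.com", "chrisbubser.digital",
    "xn--avenr-wsa.com",
]


def compute_hashes(data: bytes) -> dict:
    """Return the same four digests the report lists, for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch is a different file."""
    return compute_hashes(data) == REPORT_HASHES


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' so config names and wire hosts compare equal."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


_c2 = urlsplit(C2_URL)
C2_HOST = normalize_host(_c2.hostname or "")
C2_PATH = _c2.path                      # "/bw82/" in this report
DECOY_HOSTS = {normalize_host(d) for d in DECOYS}


def classify(url: str) -> Optional[str]:
    """'c2' for the real C2 host, 'decoy' for a listed decoy, None for anything else."""
    host = normalize_host(urlsplit(url).hostname or "")
    if host == C2_HOST:
        return "c2"
    if host in DECOY_HOSTS:
        return "decoy"
    return None


# Assumed (constructed) proxy log format: "<timestamp> <client-ip> <method> <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def scan_log(lines) -> list:
    """Return one record per request to a host from the extracted config."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                    # skip lines that do not fit the assumed format
        verdict = classify(m["url"])
        if verdict is None:
            continue
        parts = urlsplit(m["url"])
        hits.append({
            "src": m["src"],
            "host": normalize_host(parts.hostname or ""),
            "verdict": verdict,
            "c2_path": parts.path == C2_PATH,   # same URI path as the C2 strengthens the hit
        })
    return hits


def hosts_per_source(hits) -> dict:
    """Distinct flagged hosts per client: several from one client is the Formbook pattern."""
    seen = defaultdict(set)
    for h in hits:
        seen[h["src"]].add(h["host"])
    return {src: len(hosts) for src, hosts in seen.items()}


# Constructed sample log lines (not from the report).
SAMPLE_LOG = """\
2021-01-20T10:01:02Z 10.0.0.15 GET http://www.fundamentaliemef.com/bw82/?q=abc
2021-01-20T10:01:05Z 10.0.0.15 POST http://www.rizrvd.com/bw82/
2021-01-20T10:01:07Z 10.0.0.22 GET http://example.com/index.html
2021-01-20T10:01:09Z 10.0.0.15 GET http://www.xn--avenr-wsa.com/bw82/?a=1
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(hit)
    print(hosts_per_source(scan_log(SAMPLE_LOG.splitlines())))
```

To verify a downloaded copy of dira1.exe, pass its bytes to matches_report; the decoy-versus-C2 split only tells you which host carried real traffic, so a decoy hit from a client is treated as the same infection signal as a C2 hit.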

Targets

    • Target

      dira1.exe

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and form data from browsers and other applications on the infected host and sends them to its C2.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
