Overview

overview

10

Static

static

d1.exe

windows7_x64

10

d1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d1.exe

  • Size

    869KB

  • Sample

    210121-kxm16p4mps

  • MD5

    7cc23aa86ee79dc1e11a395e85096ec3

  • SHA1

    92e2887bc10089607141e78bc6702166ffa8ee32

  • SHA256

    2938b38c785f109befe2eb2768082aea672c27e978e52998a4bca8526b1a669f

  • SHA512

    0c475e681d8e0561913a2b62a8326f0de06390f3ae680dc498cb8c502fa917b8c04113abb159a0c8ec1358c95dea25eaf2770dbef7a4270081c2a1e6e481f93b

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

    • Target

      d1.exe

    • Size

      869KB

    • MD5

      7cc23aa86ee79dc1e11a395e85096ec3

    • SHA1

      92e2887bc10089607141e78bc6702166ffa8ee32

    • SHA256

      2938b38c785f109befe2eb2768082aea672c27e978e52998a4bca8526b1a669f

    • SHA512

      0c475e681d8e0561913a2b62a8326f0de06390f3ae680dc498cb8c502fa917b8c04113abb159a0c8ec1358c95dea25eaf2770dbef7a4270081c2a1e6e481f93b

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks