General

  • Target

    d2.exe

  • Size

    1.1MB

  • Sample

    210121-w1891tdsqe

  • MD5

    5092bff4eca423c90563e487762966b3

  • SHA1

    bd929965aa556e4aeca7691d110690e742e68d1c

  • SHA256

    40acc1cfe1986fee292469e21c175d68bed0502f46af424d0cd8ec42e0ead72d

  • SHA512

    f0b8789b0e14252a9592f836d43223d5f920202c3b2c8ed2a3654430036ebd0145e815658d4cdcfddb8969d4a5834d95d53654a6fc7e73a3c71799f9fe1a75f3

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

Targets

    • Target

      d2.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
