AccXX8853.rar

General

Target: AccXX8853.rar
Size: 443KB
Sample: 210223-j53e2fcswx
Score: 10/10
MD5: 6f5f0d462ab21b545b8c211f1fb36562
SHA1: 7b6eb6bf01f99b27601174223d05ca240f03a213
SHA256: 87ee577f00d453798ca357052e746159388306277d41f1f381dfeccc92ed94ed
SHA512: 8ffcc3ed47c6d4a2b06c94741dc60ccc10564c86adf8327e89ab22105dcfe7e02f6bb9c9ce43c0999ebd2653145cf81b3ea582541f5f6c851c3bda02af4bf47d

Malware Config (extracted)

Family: formbook
C2: http://www.besteprobioticakopen.online/uszn/

Decoy domains:
  • animegriptape.com
  • pcpnetworks.com
  • putupmybabyforadoption.com
  • xn--jvrr98g37n88d.com
  • fertinvitro.doctor
  • undonethread.com
  • avoleague.com
  • sissysundays.com
  • guilhermeoliveiro.site
  • catholicon-bespeckle.info
  • mardesuenosfundacion.com
  • songkhoe24.site
  • shoecityindia.com
  • smallbathroomdecor.info
  • tskusa.com
  • prairiespringsllc.com
  • kegncoffee.com
  • clicklounge.xyz
  • catholicendoflifeplanning.com
  • steelobzee.com
  • xiknekiterapia.com
  • whereinthezooareyou.com
  • maglex.info
  • dango3.net
  • sqjqw4.com
  • theparadisogroup.com
  • karthikeyainfraindia.com
  • luewevedre.com
  • helpwithmynutrition.com
  • lengyue.cool
  • pbipropertiesllc.com
  • glidedisc.com
  • sz-rhwjkj.com
  • 776fx.com
  • kamanantzin.com
  • grandwhale.com
  • trump2020shop.net
  • gentilelibri.com
  • jarliciouslounge.com
  • dgcsales.net
  • hypno.doctor
  • holidayinnindyairportnorth.com
  • buysellleasewithlisa.com
  • girishastore.com
  • tinynucleargenerators.com
  • crystalphoenixltd.com
  • lapplify.com
  • bailbondinazusa.com
  • michaelmery.com
  • tripleecoaching.com

Targets

Target: 0O9BJfVJi6fEMoS.exe
Filesize: 797KB
Score: 10/10
MD5: 18ec78e09155c046a203fb4dcbc3593f
SHA1: 40e67eef7c001a8752763616fc9a58170721c27a
SHA256: 01c5ac824171a164473d92187f8031f2bc7103397fe534f56771d8e9589445e0
SHA512: 28801c6b546515f4fb67f199f70b160dffb41434bcb465f92d3f20dbad698194f162b443571ea267a1dd7c7ef0bcaf4bb82116c37d3a83433f9d3de28083234e

Signatures

  • Formbook
    Description: Formbook is a data-stealing malware family.

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation