AccXX8853.rar

Target

AccXX8853.rar

Size

443KB

Sample

210223-j53e2fcswx

Score

10 ^/10

MD5

6f5f0d462ab21b545b8c211f1fb36562

SHA1

7b6eb6bf01f99b27601174223d05ca240f03a213

SHA256

87ee577f00d453798ca357052e746159388306277d41f1f381dfeccc92ed94ed

SHA512

8ffcc3ed47c6d4a2b06c94741dc60ccc10564c86adf8327e89ab22105dcfe7e02f6bb9c9ce43c0999ebd2653145cf81b3ea582541f5f6c851c3bda02af4bf47d

Extracted

Family	formbook
C2	http://www.besteprobioticakopen.online/uszn/ http://www.besteprobioticakopen.online/uszn/
Decoy	animegriptape.com pcpnetworks.com putupmybabyforadoption.com xn--jvrr98g37n88d.com fertinvitro.doctor undonethread.com avoleague.com sissysundays.com guilhermeoliveiro.site catholicon-bespeckle.info mardesuenosfundacion.com songkhoe24.site shoecityindia.com smallbathroomdecor.info tskusa.com prairiespringsllc.com kegncoffee.com clicklounge.xyz catholicendoflifeplanning.com steelobzee.com xiknekiterapia.com whereinthezooareyou.com maglex.info dango3.net sqjqw4.com theparadisogroup.com karthikeyainfraindia.com luewevedre.com helpwithmynutrition.com lengyue.cool pbipropertiesllc.com glidedisc.com sz-rhwjkj.com 776fx.com kamanantzin.com grandwhale.com trump2020shop.net gentilelibri.com jarliciouslounge.com dgcsales.net hypno.doctor holidayinnindyairportnorth.com buysellleasewithlisa.com girishastore.com tinynucleargenerators.com crystalphoenixltd.com lapplify.com bailbondinazusa.com michaelmery.com tripleecoaching.com fastenerspelosato.net horisan-touki.com marketingavacado.com centrebiozeina.com xn--3etz63bc5ck9c.com rhemachurch4u.com homeschoolangel.com romeysworld.com themixedveggies.com queendreea.club epedalflorida.com blutreemg.com nongfupingtai.com shikshs.com animegriptape.com pcpnetworks.com putupmybabyforadoption.com xn--jvrr98g37n88d.com fertinvitro.doctor undonethread.com avoleague.com sissysundays.com guilhermeoliveiro.site catholicon-bespeckle.info mardesuenosfundacion.com songkhoe24.site shoecityindia.com smallbathroomdecor.info tskusa.com prairiespringsllc.com kegncoffee.com clicklounge.xyz catholicendoflifeplanning.com steelobzee.com xiknekiterapia.com whereinthezooareyou.com maglex.info dango3.net sqjqw4.com theparadisogroup.com karthikeyainfraindia.com luewevedre.com helpwithmynutrition.com lengyue.cool pbipropertiesllc.com glidedisc.com sz-rhwjkj.com 776fx.com kamanantzin.com grandwhale.com trump2020shop.net gentilelibri.com jarliciouslounge.com dgcsales.net hypno.doctor holidayinnindyairportnorth.com buysellleasewithlisa.com girishastore.com tinynucleargenerators.com crystalphoenixltd.com lapplify.com bailbondinazusa.com michaelmery.com tripleecoaching.com fastenerspelosato.net horisan-touki.com marketingavacado.com centrebiozeina.com xn--3etz63bc5ck9c.com rhemachurch4u.com homeschoolangel.com romeysworld.com themixedveggies.com queendreea.club epedalflorida.com blutreemg.com nongfupingtai.com shikshs.com

Target

0O9BJfVJi6fEMoS.exe

MD5

18ec78e09155c046a203fb4dcbc3593f

Filesize

797KB

Score

10 ^/10

SHA1

40e67eef7c001a8752763616fc9a58170721c27a

SHA256

01c5ac824171a164473d92187f8031f2bc7103397fe534f56771d8e9589445e0

SHA512

28801c6b546515f4fb67f199f70b160dffb41434bcb465f92d3f20dbad698194f162b443571ea267a1dd7c7ef0bcaf4bb82116c37d3a83433f9d3de28083234e

Signatures

Formbook

Description

Formbook is a data stealing malware which is capable of stealing data.

Tags

trojan spyware stealer formbook
Xloader

Description

Xloader is a rebranded version of Formbook malware.

Tags

loader xloader
Xloader Payload

Tags

rat
Deletes itself
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Command-Line Interface

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

formbook xloader loader rat spyware stealer trojan

10^/10

behavioral2

formbook xloader loader rat spyware stealer trojan

10^/10

Extracted

Tags

Signatures

Formbook

Description

Tags

Xloader

Description

Tags

Xloader Payload

Tags

Deletes itself

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2