0O9BJfVJi6fEMoS.exe

Target

0O9BJfVJi6fEMoS.exe

Size

797KB

Sample

210223-jvj577e3yn

Score

10 ^/10

MD5

18ec78e09155c046a203fb4dcbc3593f

SHA1

40e67eef7c001a8752763616fc9a58170721c27a

SHA256

01c5ac824171a164473d92187f8031f2bc7103397fe534f56771d8e9589445e0

SHA512

28801c6b546515f4fb67f199f70b160dffb41434bcb465f92d3f20dbad698194f162b443571ea267a1dd7c7ef0bcaf4bb82116c37d3a83433f9d3de28083234e

Extracted

Family	formbook
C2	http://www.besteprobioticakopen.online/uszn/ http://www.besteprobioticakopen.online/uszn/
Decoy	animegriptape.com pcpnetworks.com putupmybabyforadoption.com xn--jvrr98g37n88d.com fertinvitro.doctor undonethread.com avoleague.com sissysundays.com guilhermeoliveiro.site catholicon-bespeckle.info mardesuenosfundacion.com songkhoe24.site shoecityindia.com smallbathroomdecor.info tskusa.com prairiespringsllc.com kegncoffee.com clicklounge.xyz catholicendoflifeplanning.com steelobzee.com xiknekiterapia.com whereinthezooareyou.com maglex.info dango3.net sqjqw4.com theparadisogroup.com karthikeyainfraindia.com luewevedre.com helpwithmynutrition.com lengyue.cool pbipropertiesllc.com glidedisc.com sz-rhwjkj.com 776fx.com kamanantzin.com grandwhale.com trump2020shop.net gentilelibri.com jarliciouslounge.com dgcsales.net hypno.doctor holidayinnindyairportnorth.com buysellleasewithlisa.com girishastore.com tinynucleargenerators.com crystalphoenixltd.com lapplify.com bailbondinazusa.com michaelmery.com tripleecoaching.com fastenerspelosato.net horisan-touki.com marketingavacado.com centrebiozeina.com xn--3etz63bc5ck9c.com rhemachurch4u.com homeschoolangel.com romeysworld.com themixedveggies.com queendreea.club epedalflorida.com blutreemg.com nongfupingtai.com shikshs.com animegriptape.com pcpnetworks.com putupmybabyforadoption.com xn--jvrr98g37n88d.com fertinvitro.doctor undonethread.com avoleague.com sissysundays.com guilhermeoliveiro.site catholicon-bespeckle.info mardesuenosfundacion.com songkhoe24.site shoecityindia.com smallbathroomdecor.info tskusa.com prairiespringsllc.com kegncoffee.com clicklounge.xyz catholicendoflifeplanning.com steelobzee.com xiknekiterapia.com whereinthezooareyou.com maglex.info dango3.net sqjqw4.com theparadisogroup.com karthikeyainfraindia.com luewevedre.com helpwithmynutrition.com lengyue.cool pbipropertiesllc.com glidedisc.com sz-rhwjkj.com 776fx.com kamanantzin.com grandwhale.com trump2020shop.net gentilelibri.com jarliciouslounge.com dgcsales.net hypno.doctor holidayinnindyairportnorth.com buysellleasewithlisa.com girishastore.com tinynucleargenerators.com crystalphoenixltd.com lapplify.com bailbondinazusa.com michaelmery.com tripleecoaching.com fastenerspelosato.net horisan-touki.com marketingavacado.com centrebiozeina.com xn--3etz63bc5ck9c.com rhemachurch4u.com homeschoolangel.com romeysworld.com themixedveggies.com queendreea.club epedalflorida.com blutreemg.com nongfupingtai.com shikshs.com

Target

0O9BJfVJi6fEMoS.exe

MD5

18ec78e09155c046a203fb4dcbc3593f

Filesize

797KB

Score

10 ^/10

SHA1

40e67eef7c001a8752763616fc9a58170721c27a

SHA256

01c5ac824171a164473d92187f8031f2bc7103397fe534f56771d8e9589445e0

SHA512

28801c6b546515f4fb67f199f70b160dffb41434bcb465f92d3f20dbad698194f162b443571ea267a1dd7c7ef0bcaf4bb82116c37d3a83433f9d3de28083234e

Signatures

Formbook

Description

Formbook is a data stealing malware which is capable of stealing data.

Tags

trojan spyware stealer formbook
Xloader

Description

Xloader is a rebranded version of Formbook malware.

Tags

loader xloader
Xloader Payload

Tags

rat
Deletes itself
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

formbook xloader loader rat spyware stealer trojan

10^/10

behavioral2

formbook xloader loader rat spyware stealer trojan

10^/10

Extracted

Tags

Signatures

Formbook

Description

Tags

Xloader

Description

Tags

Xloader Payload

Tags

Deletes itself

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2