0O9BJfVJi6fEMoS.exe

General
Target

0O9BJfVJi6fEMoS.exe

Size

797KB

Sample

210223-jvj577e3yn

Score

10/10

MD5

18ec78e09155c046a203fb4dcbc3593f

SHA1

40e67eef7c001a8752763616fc9a58170721c27a

SHA256

01c5ac824171a164473d92187f8031f2bc7103397fe534f56771d8e9589445e0

SHA512

28801c6b546515f4fb67f199f70b160dffb41434bcb465f92d3f20dbad698194f162b443571ea267a1dd7c7ef0bcaf4bb82116c37d3a83433f9d3de28083234e

Malware Config

Extracted

Family

formbook

C2

http://www.besteprobioticakopen.online/uszn/

Decoy


Targets
Signatures

  • Formbook

    Description

    Formbook is a data-stealing malware family.

  • Xloader

    Description

    Xloader is a rebranded version of the Formbook malware.

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation