General

  • Target

    HEALTH CERTIFICATES.pdf.arj

  • Size

    191KB

  • Sample

    210225-3mk83yngb2

  • MD5

    38d3759f011f2c27be8b0c6e7be5a1cd

  • SHA1

    8da450c5280e0ab541c079d76463b6f8a6195bbc

  • SHA256

    d9974ec866f729267a570ae5faaf7e43af8162d338cb9a5f40e6f827f0f7840e

  • SHA512

    7990f550cb20cae0009fc120f02b71dc35f90839cfd53f74f88904c2fbed509942382f66f127989706e7235df57e1dafff86ec2eec309e174f2514acff816c3d

Malware Config

Extracted

  • Family

    formbook

  • C2

    http://www.rayyanu.com/cu6o/

  • Decoy

    gardeniabotanics.com
    millionairenursesociety.com
    moronimatteo.com
    856379910.xyz
    grigparis.com
    sensifeet.com
    easyhomediytech.com
    code2coffee.com
    hallowsevecandles.com
    lanyardsbylexi.com
    polugroup.com
    esporaurbana.com
    15tothecity.com
    confidentplans.com
    myecosupply.com
    digigro.net
    dividend.zone
    socialcapitalllc.com
    dlpm104.com
    espressdelivery.com

Targets

    • Target

      HEALTH CERTIFICATES_pdf.exe

    • Size

      206KB

    • MD5

      5fd5c091e2aabd5cd2b9d56636a86161

    • SHA1

      8a962bb871975c8d4c640efc80950e06aeebaf8e

    • SHA256

      7d70c24a55c87142f1adf402fb8d521ca6b3473c86e31119fdd7f538af2f9c8c

    • SHA512

      8483a93b772eaf64322d65b77c2001993df79508a33d74d82b8d76ff1ad27706b2e1df0ad478902d28fc72ecef345b0a30fd344823d4701c0af75181e10e60db

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks