General

  • Target: Swift Copy_pdf.zip
  • Size: 199KB
  • Sample: 210226-2wrwefer4n
  • MD5: e81194033412cf29b2578e04289f2eb5
  • SHA1: 6009617333ea3de028a0178bb65a6095ecf70a5f
  • SHA256: 6284032616e473c5be9df9963b98a3db1f9dca519ca3b222951154b806bcd20c
  • SHA512: d9b2fb0feef7507fe5f61f6b17754a20ade30335eda5cdb5cc8a24dc7f1c0d9b6e7d003df9003cfd6e4fa5b8e4fdfbe3fa28adc47ad1421aea775e0bf37d2e1e

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.layoutsbox.com/g832/
  • Decoy


Targets

    • Target: Swift File_pdf.exe
    • Size: 212KB
    • MD5: 5db240ab92ef9f9e14f96816cce4f656
    • SHA1: 2f9b2f695654dafe3e7383bf5afa71c6277a4917
    • SHA256: 5be04026087a580dcf1dd996c523a3fea40d5d86f9b7f8596562dec1f7f906c7
    • SHA512: 30970072756574169b05a1e7161fd8c2e36bea6496051a867c649ed0945c4f0d34ca8ba884f5a1a460737b639ee7f5e58ac53763b7924baa3cdc213d0afdca16

    • Formbook: Formbook is a data-stealing malware family.
    • Xloader: Xloader is a rebranded version of the Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
