Overview

overview

10

Static

static

1

Swift File_pdf.exe

windows7_x64

10

Swift File_pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift File_pdf.exe

  • Size

    212KB

  • Sample

    210226-6rcf75p2qx

  • MD5

    5db240ab92ef9f9e14f96816cce4f656

  • SHA1

    2f9b2f695654dafe3e7383bf5afa71c6277a4917

  • SHA256

    5be04026087a580dcf1dd996c523a3fea40d5d86f9b7f8596562dec1f7f906c7

  • SHA512

    30970072756574169b05a1e7161fd8c2e36bea6496051a867c649ed0945c4f0d34ca8ba884f5a1a460737b639ee7f5e58ac53763b7924baa3cdc213d0afdca16

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.layoutsbox.com/g832/

Decoy

thevalleycatholic.com

zhiyaanmo.com

commagx4.info

hozehapps.com

arbeitskrafte.net

mlpsdigital.com

79firerescue.com

tabby.info

ghjkl456.com

yige6688.com

mejungle.net

quanahpictures.com

swifter.tech

iraems.com

personaljie.tech

mima-tech.com

jonaskold.com

taxicabairports.com

worldarenaproperties.com

rentmy.place

Targets

    • Target

      Swift File_pdf.exe

    • Size

      212KB

    • MD5

      5db240ab92ef9f9e14f96816cce4f656

    • SHA1

      2f9b2f695654dafe3e7383bf5afa71c6277a4917

    • SHA256

      5be04026087a580dcf1dd996c523a3fea40d5d86f9b7f8596562dec1f7f906c7

    • SHA512

      30970072756574169b05a1e7161fd8c2e36bea6496051a867c649ed0945c4f0d34ca8ba884f5a1a460737b639ee7f5e58ac53763b7924baa3cdc213d0afdca16

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks