Overview

overview

10

Static

static

1

Ordine -159-pdf.exe

windows7_x64

10

Ordine -159-pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ordine -159-pdf.exe

  • Size

    212KB

  • Sample

    210226-y25el6c9xs

  • MD5

    77ef1adb73a2c4bf01fa2c3521b5df8e

  • SHA1

    dca2092fd1a203ba7d6bb9f043620a1b1700fca2

  • SHA256

    61b36d9d2e055b9e7be872cd42f44e78e9abfd505e5bc4e719d5b9801200d99e

  • SHA512

    a7efeae6777e57d14b09909b9c5f3d20e39afc03fc93e032482819b5292b02cb88d74d44f7ec0b24ada41e59bc0b3a9faeb1683430c1fabb18cf5cb52804ef6e

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.northwestcitraland.com/uqf5/

Decoy

chennaimarketplace.com

connect-c-mutue1.com

red4x.com

hongbei413.com

hckjxx.club

leadingdatasms.com

flash2mp3.com

njjvxin.com

bostonm.info

sgvision.net

linkit-mx.online

preferential.today

wmcanesthesiology.com

nationallawfulassent.com

atelierlun.com

hydeparkattulsahills.com

jamesprep.com

forcexconsulting.com

funkyleo.com

blackownedcapital.com

Targets

    • Target

      Ordine -159-pdf.exe

    • Size

      212KB

    • MD5

      77ef1adb73a2c4bf01fa2c3521b5df8e

    • SHA1

      dca2092fd1a203ba7d6bb9f043620a1b1700fca2

    • SHA256

      61b36d9d2e055b9e7be872cd42f44e78e9abfd505e5bc4e719d5b9801200d99e

    • SHA512

      a7efeae6777e57d14b09909b9c5f3d20e39afc03fc93e032482819b5292b02cb88d74d44f7ec0b24ada41e59bc0b3a9faeb1683430c1fabb18cf5cb52804ef6e

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks