General
-
Target
INVOICE.rar
-
Size
567KB
-
Sample
210924-scx38shcan
-
MD5
f870fae8399a83da4989cd2a4b3cecc7
-
SHA1
cdaa5c7b2864d3353b84c5e2a97790738b9bdd38
-
SHA256
c78323831bc77fefdeaa33bd70441e02d7c94f456290a3068f345baaf5fff6cc
-
SHA512
4abb22e264f30db000f7ddf0eabb13d087af07d83eac0d1f34c0a0f43bd038d587632eae152fa5425b49161f93d7fc655a0a9b83a4f94d3fdadaec3cbd612c63
Malware Config
Extracted
xloader
2.5
m6rs
http://www.litediv.com/m6rs/
globalsovereignbank.com
ktnrape.xyz
churchybulletin.com
ddyla.com
imatge.cat
iwholesalestore.com
cultivapro.club
ibcfcl.com
refurbisheddildo.com
killerinktnpasumo4.xyz
mdphotoart.com
smi-ity.com
stanprolearningcenter.com
companyintelapp.com
tacticarc.com
soolls.com
gra68.net
cedricettori.digital
mossobuy.com
way2liv.com
Targets
-
-
Target
INVOICE.exe
-
Size
1.0MB
-
MD5
3e0b369f71d263bd0918bfce2b1873c3
-
SHA1
0919aa900e50b290cc90426537ec25a9c44496b0
-
SHA256
c10f872ac7d56c5c8d5151eb8d5c3aba275f83bd55700c0dc38776a04b275175
-
SHA512
6c5cb90c5519dbaf90b2ca2183d6c48a1cd216eeb1eff02f16d1042cdde5955734c7ea52408e6ec907abb1a5e4c40eca40b9ed830a92315fad4660861e425c3f
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-