formbook | f8d9fbcef6907460baa7c91e53d1a40865901bb50906b5519cba440fdbc65032 | Triage

Submit
Reports

Overview

overview

Static

static

1

triage_dro...le.exe

windows7_x64

triage_dro...le.exe

windows7_x64

triage_dro...le.exe

windows7_x64

triage_dro...le.exe

windows11_x64

triage_dro...le.exe

windows10_x64

triage_dro...le.exe

windows10_x64

triage_dro...le.exe

windows10_x64

Resubmissions

21-10-2021 12:22

211021-pj5j4sacd5 10

21-10-2021 12:15

211021-pew26sacc7 10

Sharing

General

Target

triage_dropped_file
Size

253KB
Sample

211021-pj5j4sacd5
MD5

d0e4c13e6c8ba9fe34d86b554b595d9a
SHA1

83eee2dbe00ae265af9eb13105dc1068b6b034cd
SHA256

f8d9fbcef6907460baa7c91e53d1a40865901bb50906b5519cba440fdbc65032
SHA512

72f5fcd367c0f0fdc83827bea529f84a85ace28550a5cd8102cb0cde2829d81defe312fb0d95d3c5a8e8728f4efd8cb433bfab0b3e1f265fffdc4e0ad687247d

Score

10^/10

formbook xloader kqna loader persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

triage_dropped_file.exe

Resource

win7-ja-20211014

xloader kqna loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

triage_dropped_file.exe

Resource

win7-en-20210920

formbook xloader kqna loader persistence rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

triage_dropped_file.exe

Resource

win7-de-20211014

formbook xloader kqna loader persistence rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

triage_dropped_file.exe

Resource

win11

xloader kqna loader persistence rat

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

triage_dropped_file.exe

Resource

win10-ja-20210920

xloader kqna loader persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

triage_dropped_file.exe

Resource

win10-en-20211014

formbook xloader kqna loader persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

triage_dropped_file.exe

Resource

win10-de-20210920

formbook xloader kqna loader persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

kqna

C2

http://www.surfsolutions.info/kqna/

Decoy

achyutlifesciences.com

anthemmg.com

netkopat.com

generationgirlnaturals.com

novatel-network.com

craftstockco.com

thevishantiverse.art

elkerfly.com

haerotechs.com

candypalette.com

gregdokes.com

e-commerce.company

gratitudeland.com

companyintelcloud.com

publicyazilim.com

xc6811.com

aracsozluk.com

janesgalant.quest

fraserstephendop.com

ryan.rentals

wyse-solutions.com

reddishslouqb.xyz

rukygua.xyz

unlimitedrehab.com

fundafes.com

goodoffice.online

guserq.com

tigerstarmatka.com

ganleychevybuyscars.com

murrayforcongress.com

artistandfund.com

integritynotarial.com

cantomarbait.com

alifdanismanlik.com

meggisiegert.com

high-clicks3.com

xn--schwche-8wa.com

caffeiny.com

landsoftexasranchland.com

armmapp.com

cursosminharendaextra.com

globalmarineserv.com

lowestfars.com

finlayo.com

hautlescoeurscollection.com

cyclesforyou.com

bagwashs.com

medicaltrust-sd.com

passivemen.com

midatlanticbath.com

mchaskellproperties.com

facetofacewith.com

worldwidecorumuk.com

g632b.online

atozshoppingllc.com

jcswkj.net

czemi.com

minutemannetwork.net

hjku.xyz

uko7wuyj.xyz

amigasconesencia.com

hodgeandpartners.com

edfnu.com

corncobmeal.com

Targets

- Target
  
  triage_dropped_file
- Size
  
  253KB
- MD5
  
  d0e4c13e6c8ba9fe34d86b554b595d9a
- SHA1
  
  83eee2dbe00ae265af9eb13105dc1068b6b034cd
- SHA256
  
  f8d9fbcef6907460baa7c91e53d1a40865901bb50906b5519cba440fdbc65032
- SHA512
  
  72f5fcd367c0f0fdc83827bea529f84a85ace28550a5cd8102cb0cde2829d81defe312fb0d95d3c5a8e8728f4efd8cb433bfab0b3e1f265fffdc4e0ad687247d
Score

10^/10

xloader kqna loader rat formbook persistence spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Registers COM server for autorun
  persistence
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderkqnaloaderrat

behavioral2

formbookxloaderkqnaloaderpersistenceratspywarestealertrojan

behavioral3

formbookxloaderkqnaloaderpersistenceratspywarestealertrojan

behavioral4

xloaderkqnaloaderpersistencerat

behavioral5

xloaderkqnaloaderpersistenceratspywarestealer

behavioral6

formbookxloaderkqnaloaderpersistenceratspywarestealertrojan

behavioral7

formbookxloaderkqnaloaderpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy