General
-
Target
SNO22 595406_RACX-159814.exe
-
Size
740KB
-
Sample
220125-r8j1taheg5
-
MD5
57d59a3b3d87c9e5808da7ad2b013955
-
SHA1
22a3f4dceee7b5f63e9e940a435412362f947878
-
SHA256
58fb47124bf49f4190852baec863af03f73216cbba65c7eaa527f6ec6612e42b
-
SHA512
63b009c902adb07e83d9e28917e1f3ee5a4a49ae426ca4b99a29eeaa961c56e1456fceb02f078578f37a271e98276249ba182686bfdca60053cc8bef08802125
Malware Config
Extracted
xloader
2.5
p8ce
wishmeluck1.xyz
nawabumi.com
terra.fish
eoraipsumami.quest
awakeningyourid.com
csyein.com
tslsinteligentes.com
cataractusa.com
capitalwheelstogo.com
staffremotely.com
trashbinwasher.com
blaneyparkrendezvous.com
yolrt.com
northendtaproom.com
showgeini.com
b95206.com
almcpersonaltraining.com
lovabledoodleshome.com
woodlandstationcondos.com
nikahlive.com
Targets
-
-
Target
SNO22 595406_RACX-159814.exe
-
Size
740KB
-
MD5
57d59a3b3d87c9e5808da7ad2b013955
-
SHA1
22a3f4dceee7b5f63e9e940a435412362f947878
-
SHA256
58fb47124bf49f4190852baec863af03f73216cbba65c7eaa527f6ec6612e42b
-
SHA512
63b009c902adb07e83d9e28917e1f3ee5a4a49ae426ca4b99a29eeaa961c56e1456fceb02f078578f37a271e98276249ba182686bfdca60053cc8bef08802125
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-