General
-
Target
tmp
-
Size
1.1MB
-
Sample
220506-rxm84acffq
-
MD5
f2b83c2075be8c51ada1ac1b2366095e
-
SHA1
f1dbf47b7e225bd92bd8d1a14ea832117f7c1037
-
SHA256
dbdd02d3fc196dd03b6f970e8bb08d82896d35b72878c09daa0ab36efcb19cf0
-
SHA512
7fdaf5cb281658bd7a8e4088ec8609a3bdd0b07bd029cb8390c9ff3823c854d2d51462bfc4bca8cf2af709e1986ee9eaec33c0be4ca68c759e631e31d85470fe
Malware Config
Extracted
xloader
2.6
arh2
hstorc.com
blackountry.com
dhrbakery.com
dezhouofit.com
defipayout.xyz
ginas4t.com
byzbh63.xyz
qrcrashview.com
mialibaby.com
enhaut.net
samainnova.com
yashveerresort.com
delfos.online
dungcumay.com
lj-counseling.net
fliptheswitch.pro
padogbitelawyer.com
aticarev.com
sederino.site
bestplansforpets-japan3.life
Targets
-
-
Target
tmp
-
Size
1.1MB
-
MD5
f2b83c2075be8c51ada1ac1b2366095e
-
SHA1
f1dbf47b7e225bd92bd8d1a14ea832117f7c1037
-
SHA256
dbdd02d3fc196dd03b6f970e8bb08d82896d35b72878c09daa0ab36efcb19cf0
-
SHA512
7fdaf5cb281658bd7a8e4088ec8609a3bdd0b07bd029cb8390c9ff3823c854d2d51462bfc4bca8cf2af709e1986ee9eaec33c0be4ca68c759e631e31d85470fe
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Looks for VirtualBox Guest Additions in registry
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-