General
-
Target
b116243ed4215cbcb325a827d11cdc68.exe
-
Size
245KB
-
Sample
220512-jdhv9sbah5
-
MD5
b116243ed4215cbcb325a827d11cdc68
-
SHA1
c9ef499d8ec2966dda389ce769012b4ad6661cbc
-
SHA256
ecd736b3ee17564a101bfdf8ff757edf53948a983ef1c1dd088cd9f214034990
-
SHA512
39543aa90882920e8ba46777eb092abb678471c7cc7876d1ad98b2d4b1c6f4f50669d18c764c3b655866a682acabe2b73e1958be5a4ebfc0973574d210393ef3
Malware Config
Extracted
xloader
2.5
bs8f
atmospheraglobal.com
dontshootima.com
bestofferusde.club
yourdigitalboss.com
breskizci.com
myarrovacoastwebsite.com
reasclerk.com
efrovida.com
wsmz.net
upneett.com
loefflerforgov.com
noida.info
trndystore.com
arhaldar.online
vivibanca.tech
mykrema.com
vseserialy.online
ridgewayinsua.com
heauxland.com
bestcollegecourses.com
Targets
-
-
Target
b116243ed4215cbcb325a827d11cdc68.exe
-
Size
245KB
-
MD5
b116243ed4215cbcb325a827d11cdc68
-
SHA1
c9ef499d8ec2966dda389ce769012b4ad6661cbc
-
SHA256
ecd736b3ee17564a101bfdf8ff757edf53948a983ef1c1dd088cd9f214034990
-
SHA512
39543aa90882920e8ba46777eb092abb678471c7cc7876d1ad98b2d4b1c6f4f50669d18c764c3b655866a682acabe2b73e1958be5a4ebfc0973574d210393ef3
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-