General
-
Target
SecuriteInfo.com.Win32.TrojanDownloader.Delf.DIB.21975.31231
-
Size
924KB
-
Sample
220630-qy359sddf3
-
MD5
4e13d4aa0427eb41203deb4d021ec71c
-
SHA1
12762fa4762e1c1a16cc31656e7a80b7a2428fb5
-
SHA256
d25d2c22b3843c1e8aaecec11b29d4ebb6fbe5b67a6f5a345abf0709516920d3
-
SHA512
4555a7e0dee519f47e92abc7360cb2a48809ccc3cefd12c0146a58f9a8154e9da7f386b002e5e19fede969ded728c06f186331f75d0c415353daab724bed1510
Malware Config
Extracted
xloader
2.7
n5mz
ezhuilike.com
broomstickrum.com
ramaniclothing.com
midbots.com
rlxscpe.com
elanagro.online
chahuajie.com
digipubcity.com
predatorstoppers.com
savas-jewelry.com
timinis23.com
homesteaddesignstudio.net
bellezadehoy.online
disintar.xyz
sharinks.tech
redfoxdetroit.com
resscoptheron.com
aspiritualgiftshoppe.com
tematemazo.com
assasa.net
Targets
-
-
Target
SecuriteInfo.com.Win32.TrojanDownloader.Delf.DIB.21975.31231
-
Size
924KB
-
MD5
4e13d4aa0427eb41203deb4d021ec71c
-
SHA1
12762fa4762e1c1a16cc31656e7a80b7a2428fb5
-
SHA256
d25d2c22b3843c1e8aaecec11b29d4ebb6fbe5b67a6f5a345abf0709516920d3
-
SHA512
4555a7e0dee519f47e92abc7360cb2a48809ccc3cefd12c0146a58f9a8154e9da7f386b002e5e19fede969ded728c06f186331f75d0c415353daab724bed1510
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
ModiLoader Second Stage
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-