General
-
Target
P.O-119370.QDT.js
-
Size
372KB
-
Sample
220705-pp2qeahbfk
-
MD5
2cf2b9a9a03292d7733f06e49cb29e11
-
SHA1
608d9f8a14814a4fabf64b2ee48a0f9b1278bbd2
-
SHA256
d2bdd71059b32be6cdf3fde2ff853b1dcb0f131568e983d625aed7007afd1850
-
SHA512
c7680a9137360da375ad234957a1736634d2b9c68def8bc9223854a0339c961855819de74d9ba05d5c0df36160d20b9fa98885c8d4ed5c9b5017a1df036a54de
Malware Config
Targets
-
-
Target
P.O-119370.QDT.js
-
Size
372KB
-
MD5
2cf2b9a9a03292d7733f06e49cb29e11
-
SHA1
608d9f8a14814a4fabf64b2ee48a0f9b1278bbd2
-
SHA256
d2bdd71059b32be6cdf3fde2ff853b1dcb0f131568e983d625aed7007afd1850
-
SHA512
c7680a9137360da375ad234957a1736634d2b9c68def8bc9223854a0339c961855819de74d9ba05d5c0df36160d20b9fa98885c8d4ed5c9b5017a1df036a54de
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
-
Xloader Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-