Overview

overview

10

Static

static

SecuriteIn...85.exe

windows7-x64

10

SecuriteIn...85.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    50s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2022 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.MSIL.GenKryptik.FXSF.tr.7185.exe

  • Size

    836KB

  • MD5

    92ea516a4e27329ac0ef278dab2bfa76

  • SHA1

    46e5db00e3f9a674208a51590aad707c2ffc03f8

  • SHA256

    5dd3a0a56d55816a0ffa7a9f2feb75613a68bd2ba9f145bd69ea616e8b8c9c9e

  • SHA512

    4ba4497ae441ff8879a6acaaef259915ead6021a058646c2726e77a87599b78d6dcc73879491f11b99d958388bcfff4b5c9f9eb9423bcda92a5c53df3a9789ba

  • SSDEEP

    12288:aBoolbR462TDeI3BqjN23YNzH44kCYtAbmT:ae603g032U4kPtQmT

Score
10/10
formbookxloader6hscloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

6hsc

Decoy

6cvqXARAGlgdnnbXYQ==

Mi4yZ8FULou6w26U2FDnEbA=

Xmx0bJmRZGL+O0RFfLFNN9AMdwn+

B0WNhyl4T2gWBIqE1VDnEbA=

DI2G9/sG/v6YIh42aQ==

0NTaAl90ZWYiGV/bT4U=

DWCuXrL23Cc3xdIG/0dT

fTbzys/dddqOVQ==

8ClrDFi3i+asgxBOnguhlQ==

YjOkWLSpXeqrXw==

gAIov8vbtv8vr8/tFSXvDULL7thokKA=

xMW2qsXay7xNkonR/zxPo939

xc38fRlgO2opnnbXYQ==

+o31vQlURJKmLUWfHlMq0Gjs

z6GwWxCSKJLJ

2pnQ5evpehAxUt4hd6pq9X71

2CmXDSU2DTmDR+Q=

WV9ScxFQID1V2glQnguhlQ==

L8UDlK65h9wJ7Zeb3VDnEbA=

Agb4LF2bRcDX

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.MSIL.GenKryptik.FXSF.tr.7185.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.MSIL.GenKryptik.FXSF.tr.7185.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.MSIL.GenKryptik.FXSF.tr.7185.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.MSIL.GenKryptik.FXSF.tr.7185.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/920-60-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/920-61-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/920-63-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/920-64-0x00000000004202C0-mapping.dmp
    Download
  • memory/920-65-0x0000000000AF0000-0x0000000000DF3000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1380-54-0x0000000000A10000-0x0000000000AE6000-memory.dmp
    Filesize

    856KB

    Download
  • memory/1380-55-0x00000000757A1000-0x00000000757A3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1380-56-0x00000000004B0000-0x00000000004C6000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1380-57-0x00000000004C0000-0x00000000004CC000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1380-58-0x0000000007EE0000-0x0000000007F6C000-memory.dmp
    Filesize

    560KB

    Download
  • memory/1380-59-0x0000000001EF0000-0x0000000001F22000-memory.dmp
    Filesize

    200KB

    Download