Overview

overview

10

Static

static

KOPIA_PL.exe

windows7-x64

10

KOPIA_PL.exe

windows10-1703-x64

10

KOPIA_PL.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    kopia płatności.img

  • Size

    1.2MB

  • Sample

    220921-g66rpabagk

  • MD5

    ccb59f0c235ee722278de44a0fd7ac89

  • SHA1

    92ac53b3825048ebacedd5514dc7038e3dc84c42

  • SHA256

    e5c9d4c58b101b94daaba5f5a7f7e7d7bbb49b49edb34ac7af7de7a549315a49

  • SHA512

    9a36ba318101c01a56efcba988ba02dbe081579347061de6e8dcfdf3948fa9b399e203c584d531baa8d6badd046ea1d87bdfcfebb60819ba82ee70906eee527e

  • SSDEEP

    6144:V18i/ZxjC1bf3jTb6BYmQ6WCjEQoF2jjTF6wJPjx:V18OZxWTvb6i+WCjEQi2jjD

Score
10/10
formbookxloaderdwdploaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

dwdp

Decoy

jPxWFTS1Rn/K/LD47WRRW7+Veuct8yc=

ke1Wv1l26dZZxDikX9dU3s6k8+w=

+vtNyVBkx8VMf5KCaIj8DYR5QyLJgQ==

GHXPhYzwXcKgZwqBb/kejm7rfobj

yalW64iE8+aXs70=

MD83dBR0KSF4fizgRhAM

Xti3uNm2JDWgssPgRhAM

X7gYbv5uJhpvjdI0Qg==

ydxGznbNJ3tCCLAX4arq4nweMuQ=

Ca+fvtST8OBbosPgRhAM

kG1QegD8mU/E/hLw1t0=

g9FFFjEC5C2IvR/BhbSrpw==

PCkpeg38W0aPdg1rav1DFnVASw==

vSq+xBf3qjY27H3yqepK+g+nOmOMc3m7

G7WYirSZS9EYob8=

WbEWaOVIAPlSNNc4LsfL53weMuQ=

hnyAvEY4n3rTKS4g5mHKxR0=

JN7b0uCqVrQydMl7JNw=

XTki/RASDK6BCW0q8sU=

DQMBWA9wJyOKqqGSmGHKxR0=

Extracted

Family

xloader

Version

3.8

Campaign

dwdp

Decoy

jPxWFTS1Rn/K/LD47WRRW7+Veuct8yc=

ke1Wv1l26dZZxDikX9dU3s6k8+w=

+vtNyVBkx8VMf5KCaIj8DYR5QyLJgQ==

GHXPhYzwXcKgZwqBb/kejm7rfobj

yalW64iE8+aXs70=

MD83dBR0KSF4fizgRhAM

Xti3uNm2JDWgssPgRhAM

X7gYbv5uJhpvjdI0Qg==

ydxGznbNJ3tCCLAX4arq4nweMuQ=

Ca+fvtST8OBbosPgRhAM

kG1QegD8mU/E/hLw1t0=

g9FFFjEC5C2IvR/BhbSrpw==

PCkpeg38W0aPdg1rav1DFnVASw==

vSq+xBf3qjY27H3yqepK+g+nOmOMc3m7

G7WYirSZS9EYob8=

WbEWaOVIAPlSNNc4LsfL53weMuQ=

hnyAvEY4n3rTKS4g5mHKxR0=

JN7b0uCqVrQydMl7JNw=

XTki/RASDK6BCW0q8sU=

DQMBWA9wJyOKqqGSmGHKxR0=

Targets

    • Target

      KOPIA_PL.EXE

    • Size

      279KB

    • MD5

      957f050d064565a4c7d9ca1ff9025c3e

    • SHA1

      5687d9cc3e3fc1ef65c5efa39b2b795bd48604e5

    • SHA256

      bdaf2cc27694475beaef6b0945e952e41e3ab6972bae7243b3656c6a87d2bb0e

    • SHA512

      a5da71119fa05c69f8c8ec1632944c891a2360d07de95645370eeca67e565de25a49c11a1d50c33a700de5d6e38e6c0d56811613350e92914ec8394e2ae46abd

    • SSDEEP

      6144:h18i/ZxjC1bf3jTb6BYmQ6WCjEQoF2jjTF6wJPjxG:h18OZxWTvb6i+WCjEQi2jjDo

    Score
    10/10
    formbookxloaderdwdploaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks