General

  • Target

    Al Muhaidib Group KSA.Order With our Company Profile.doc.gz.exe

  • Size

    313KB

  • Sample

    220928-x3s97aaadl

  • MD5

    624b5a402b803e5387ad3703512b6245

  • SHA1

    c13ee0108903b3e3408db80e9d8b601f4831649b

  • SHA256

    6cb6ca24a5438e646c710e6f4f0c7f4f79d12faa9cf647e89a215083eea45417

  • SHA512

    cc7d20501feadf1599f936d8bba67973c052af9c99a617efde1b3d56b7c3b6b4be86865e924b25efbf2bb1486355bcff07c52459d7da5b202b0c701087daab8b

  • SSDEEP

    6144:Mnfj51HnOQ7hseU+3FfVpJem0rHkMMQNI2tK+u:+5tnnN13FbEkOpK

Malware Config

Extracted

Family

formbook

Campaign

r4am

Decoy


Extracted

Family

xloader

Version

3.8

Campaign

r4am

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks