General

  • Target

    tmp

  • Size

    307KB

  • Sample

    221126-xmdvkaah7x

  • MD5

    877de9a9a7aa030d8c549725cef27fe7

  • SHA1

    15e0643254900a766b014ebf66a7908c39d13a23

  • SHA256

    db4f7ae9934ea4c650e8f3efbab3914b4c37cfb74d3da221a2c767db3a739dd9

  • SHA512

    4fcae60a6fd3756258f9cc34033701d9b476f2833527611c16f5e6141ee1e374fb31a21a313c0602ac473559c6f94b261ef39594111fa1b0a9f6237bc8473a15

  • SSDEEP

    6144:OiLB8uttDE5lHXaUqGAf1J3g75f8bYVsgVkJ8Uh16bv7n:VB8OtDE5IvGAfL3g71YYVsgVtS16bv

Malware Config

Extracted

Family

formbook

Campaign

pgnt

Decoy

(encoded decoy list not reproduced)

Extracted

Family

xloader

Version

3.�E

Campaign

pgnt

Decoy

(encoded decoy list not reproduced; same entries as the formbook extraction above)

Targets

    • Target

      tmp (same file as in General above)

    • Formbook

      Formbook is an information-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    T1112 Modify Registry (1)

  • Credential Access

    T1081 Credentials in Files (1)

  • Collection

    T1005 Data from Local System (1)

Tasks