General

  • Target

    3b33c707e522fc9e706c62687387ddbc.exe

  • Size

    336KB

  • Sample

    221208-pbfk1sch5y

  • MD5

    3b33c707e522fc9e706c62687387ddbc

  • SHA1

    d98eb37e12d6d7b03fd94933ab5f7dc445c67477

  • SHA256

    7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5

  • SHA512

    7591fdefeff5a11fea8726d784a62229de33378f54cd27841647c53983fca87f055e40f6743bd62d7bb0493bd11b4d3a4c19529f890d924f6872d804b19c8695

  • SSDEEP

    6144:9kwOU0Tna911TEwbdaqga1lpGC1xA67/jYUUEU6LrgJxet8ZJ8EGlu:Cf41y3ajpPA678UrU6LrgfeU8EGY

Malware Config

Extracted

Family

formbook

Campaign

ctap

Decoy


Extracted

Family

xloader

Version

3.Æ…

Campaign

ctap

Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks