General

  • Target

    030d9daf754e7d55b6690abc958386c7bd69c539b50a971b2a61b0d14210a498.zip

  • Size

    448KB

  • Sample

    230308-qgm3qaee35

  • MD5

    b6123f7ea7f18bfd8beab14ad1057b74

  • SHA1

    7ff5639d553f78ee942ea9ed07aff52ec9638657

  • SHA256

    0afffd22e04c0364cab946c3b693a19b4075c52a8348ad84c20d44e256336eff

  • SHA512

    c5c3af4b070a90222041554a4fb2abd9a585356be98659879e6fbaf0e7f167a452ed62b3a81696ca7c31118110a6232aec619ea8e0c8caf334ed6d7cde12c9a4

  • SSDEEP

    12288:XXGtxy6kverkT7krZi0rjGvNsouEwgwrX+l0u492o0n:hAFpXSLuzgwJua5m

Malware Config

Extracted

Family

formbook

Campaign

qsqm

Decoy

gYI8BO7T7BQOBw==

5kKpX8NHT4cITCAOEkMYvi5HiMZ5

oq5lCVwFY9KNJipM

OiTOjWhDMXBf8H9o79k=

rSDHx5jqNn3Sz/LND/0G

ob6FSUE4NYUi5Iqg1YGfMg==

fI5oMbAC5EAeerSKKRM2PjF7TYJh

lmWieqE8QHg=

yLxwFWm+rbCJXqE=

MyY9R8VCSaAtEJY2MdHAXKY=

WYA53Ezjh808

EPu6bfMPNJUh

upyUkeqQ6B/FJyq2PCiwnZf/

RvN3e2hDLJQmo9qtZTVoRmPi

hZhWEObjh808

K1gowrFsO5p0UchTUEVoRmPi

7hXPaZ6i+F7o2L8OCCyhNA==

bIp+E/xrSG9QHA==

+EPrJAdvSG9QHA==

METFhoRGH1sBBWhAbA==

Extracted

Family

xloader

Version

3.ƅ

Campaign

qsqm

Decoy

gYI8BO7T7BQOBw==

5kKpX8NHT4cITCAOEkMYvi5HiMZ5

oq5lCVwFY9KNJipM

OiTOjWhDMXBf8H9o79k=

rSDHx5jqNn3Sz/LND/0G

ob6FSUE4NYUi5Iqg1YGfMg==

fI5oMbAC5EAeerSKKRM2PjF7TYJh

lmWieqE8QHg=

yLxwFWm+rbCJXqE=

MyY9R8VCSaAtEJY2MdHAXKY=

WYA53Ezjh808

EPu6bfMPNJUh

upyUkeqQ6B/FJyq2PCiwnZf/

RvN3e2hDLJQmo9qtZTVoRmPi

hZhWEObjh808

K1gowrFsO5p0UchTUEVoRmPi

7hXPaZ6i+F7o2L8OCCyhNA==

bIp+E/xrSG9QHA==

+EPrJAdvSG9QHA==

METFhoRGH1sBBWhAbA==

Targets

    • Target

      030d9daf754e7d55b6690abc958386c7bd69c539b50a971b2a61b0d14210a498.exe

    • Size

      474KB

    • MD5

      dcb7eaa1fd51e975b67a3ed92509167a

    • SHA1

      528c5a4837a195707581724d408c809433f14a16

    • SHA256

      030d9daf754e7d55b6690abc958386c7bd69c539b50a971b2a61b0d14210a498

    • SHA512

      8b095bc1d1c22db78e1ee1011bd7d6564c3657c4bade729baf803b6df857f88be1fceac74b55b72786df635bbee7ad3ff8d17bbc28da553c1bb08ae275df543c

    • SSDEEP

      6144:WG0tEl7ERlzVxn5zLTjgpjdGXq7IOVf4c0Lu8nuyqvM30vakSNMmoYqTVXwIuODf:BCFzbF3g1kXqZf4czAVMmlq5pTlEv1G

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and other applications, logs keystrokes and exfiltrates the results to its C2.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
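The "Suspicious use of SetThreadContext" signature above is the sandbox's marker for the process-hollowing pattern (create a process suspended, overwrite its image, SetThreadContext to the new entry point, resume) that Formbook/Xloader loaders use to run inside a benign host process. The following detector is an added example, not code from the report or the sandbox: it walks a sandbox-style API trace and flags any suspended child that then receives the WriteProcessMemory -> SetThreadContext -> ResumeThread chain from its parent. The trace lines and the pid|api|key=value format are constructed for illustration and are not taken from this sample.

```python
"""Flag a process-hollowing API sequence in a sandbox API trace.

Added example: a minimal detector for the behaviour behind the
"Suspicious use of SetThreadContext" signature. The trace below is
constructed for illustration; the line format (pid|api|key=value;...)
is an assumption, not any sandbox's real export format.
"""
from collections import defaultdict

# Constructed sample trace (assumed layout: caller_pid|api|key=value;...).
SAMPLE_TRACE = """\
1234|CreateProcessW|image=C:\\Windows\\SysWOW64\\svchost.exe;flags=0x4;child_pid=5678
1234|NtUnmapViewOfSection|pid=5678
1234|VirtualAllocEx|pid=5678;size=0x76000;protect=PAGE_EXECUTE_READWRITE
1234|WriteProcessMemory|pid=5678;size=0x400
1234|WriteProcessMemory|pid=5678;size=0x75c00
1234|SetThreadContext|pid=5678
1234|NtResumeThread|pid=5678
9999|CreateProcessW|image=C:\\Windows\\explorer.exe;flags=0x0;child_pid=4321
9999|GetThreadContext|pid=4321
"""

CREATE_SUSPENDED = 0x4  # CreateProcess dwCreationFlags bit

# Ordered stages of the hollowing chain; each must follow the previous one.
# Repeated WriteProcessMemory calls and unrelated calls in between are fine.
STAGES = ["WriteProcessMemory", "SetThreadContext", "NtResumeThread"]


def _parse_args(field):
    """Turn 'k=v;k2=v2' into a dict (assumed trace argument encoding)."""
    return dict(kv.split("=", 1) for kv in field.split(";") if "=" in kv)


def detect_hollowing(trace):
    """Return {child_pid: parent_pid} for every process created suspended
    whose creator then performs WriteProcessMemory -> SetThreadContext ->
    (Nt)ResumeThread on it, in that order."""
    suspended = {}               # child_pid -> parent_pid that created it suspended
    progress = defaultdict(int)  # child_pid -> index of the next expected stage
    hits = {}
    for line in trace.splitlines():
        if not line.strip():
            continue
        pid, api, argstr = line.split("|", 2)
        args = _parse_args(argstr)
        if api in ("CreateProcessW", "CreateProcessA"):
            flags = int(args.get("flags", "0"), 16)
            if flags & CREATE_SUSPENDED:
                suspended[args["child_pid"]] = pid
            continue
        target = args.get("pid")
        # Only calls from the creating parent against its suspended child count.
        if target not in suspended or pid != suspended[target]:
            continue
        # Treat the Nt and Win32 resume variants as the same final stage.
        stage = "NtResumeThread" if api in ("NtResumeThread", "ResumeThread") else api
        idx = progress[target]
        if idx < len(STAGES) and stage == STAGES[idx]:
            progress[target] += 1
            if progress[target] == len(STAGES):
                hits[target] = pid
    return hits


if __name__ == "__main__":
    for child, parent in detect_hollowing(SAMPLE_TRACE).items():
        print(f"process hollowing: pid {parent} hollowed suspended child pid {child}")
```

On the constructed trace the detector reports child 5678 hollowed by 1234 and ignores pid 9999, which created explorer.exe without CREATE_SUSPENDED and only read a thread context. The ordering constraint is what keeps the false-positive rate down: debuggers and some legitimate injectors call SetThreadContext, but not on a child they themselves created suspended and then wrote to.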

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry, T1112 (1)

Tasks