General
-
Target
00987764545456467.exe
-
Size
790KB
-
Sample
230721-ppk3nafb5x
-
MD5
49985cf212ea355f93e38481c8376734
-
SHA1
9f1e5fe65d87e70f1a2f46928728f097e15f7517
-
SHA256
b25eec1ba4f98d59e8fbb6d5ee791f86ad2ec3882f49a9df12794d1b519fdc14
-
SHA512
67d5d117834d0d611b8c574aecc972cdb8fc99d43a3926947320a56181bf0c1943057a8068d9aa2bc5050d808f67fb49c06b5e1bb25c65696662ef0a701405a6
-
SSDEEP
24576:rk/A25GoqxIJs7ks3XJrPz6cDCnvM3qv9:rKAKGj7ks35rPmaCnvM6v9
Malware Config
Extracted
xloader
2.6
uj3c
copimetro.com
choonchain.com
luxxwireless.com
fashionweekofcincinnati.com
campingshare.net
suncochina.com
kidsfundoor.com
testingnyc.co
lovesoe.com
vehiclesbeenrecord.com
socialpearmarketing.com
maxproductdji.com
getallarticle.online
forummind.com
arenamarenostrum.com
trisuaka.xyz
designgamagazine.com
chateaulehotel.com
huangse5.com
esginvestment.tech
Targets
-
-
Target
00987764545456467.exe
-
Size
790KB
-
MD5
49985cf212ea355f93e38481c8376734
-
SHA1
9f1e5fe65d87e70f1a2f46928728f097e15f7517
-
SHA256
b25eec1ba4f98d59e8fbb6d5ee791f86ad2ec3882f49a9df12794d1b519fdc14
-
SHA512
67d5d117834d0d611b8c574aecc972cdb8fc99d43a3926947320a56181bf0c1943057a8068d9aa2bc5050d808f67fb49c06b5e1bb25c65696662ef0a701405a6
-
SSDEEP
24576:rk/A25GoqxIJs7ks3XJrPz6cDCnvM3qv9:rKAKGj7ks35rPmaCnvM6v9
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Suspicious use of NtCreateProcessOtherParentProcess
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
ModiLoader Second Stage
-
Xloader payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-