General

  • Target

    AccXX8853.rar

  • Size

    443KB

  • Sample

    210223-j53e2fcswx

  • MD5

    6f5f0d462ab21b545b8c211f1fb36562

  • SHA1

    7b6eb6bf01f99b27601174223d05ca240f03a213

  • SHA256

    87ee577f00d453798ca357052e746159388306277d41f1f381dfeccc92ed94ed

  • SHA512

    8ffcc3ed47c6d4a2b06c94741dc60ccc10564c86adf8327e89ab22105dcfe7e02f6bb9c9ce43c0999ebd2653145cf81b3ea582541f5f6c851c3bda02af4bf47d

Malware Config

Extracted

Family

formbook

C2

http://www.besteprobioticakopen.online/uszn/

Decoy

animegriptape.com

pcpnetworks.com

putupmybabyforadoption.com

xn--jvrr98g37n88d.com

fertinvitro.doctor

undonethread.com

avoleague.com

sissysundays.com

guilhermeoliveiro.site

catholicon-bespeckle.info

mardesuenosfundacion.com

songkhoe24.site

shoecityindia.com

smallbathroomdecor.info

tskusa.com

prairiespringsllc.com

kegncoffee.com

clicklounge.xyz

catholicendoflifeplanning.com

steelobzee.com
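The extracted config above has the shape every Formbook/Xloader config has: one live C2 URL plus a list of decoy domains that the bot also contacts on the same short URI path ("/uszn/" here), so that the real C2 hides among requests to unrelated, mostly legitimate sites. The added example below (written for this page, not code from the sandbox or from any Formbook tooling) turns that config and the file hashes into an IOC set and runs it over a proxy log. It assumes the log format shown in `SAMPLE_LOG` (constructed lines), that the bot prefixes "www." to every host it contacts (so hosts are normalised before comparison), and a threshold of three distinct decoys for calling a client "decoy-beaconing"; all three are assumptions for the example.

```python
"""Added example: Formbook config -> IOC matching over proxy-log lines.
IOCs are copied from the report above; log lines are constructed."""
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import urlsplit

C2_URL = "http://www.besteprobioticakopen.online/uszn/"
DECOYS = [
    "animegriptape.com", "pcpnetworks.com", "putupmybabyforadoption.com",
    "xn--jvrr98g37n88d.com", "fertinvitro.doctor", "undonethread.com",
    "avoleague.com", "sissysundays.com", "guilhermeoliveiro.site",
    "catholicon-bespeckle.info", "mardesuenosfundacion.com", "songkhoe24.site",
    "shoecityindia.com", "smallbathroomdecor.info", "tskusa.com",
    "prairiespringsllc.com", "kegncoffee.com", "clicklounge.xyz",
    "catholicendoflifeplanning.com", "steelobzee.com",
]
# MD5 / SHA-1 / SHA-256 of the archive and of the .exe target from the report.
HASHES = {
    "6f5f0d462ab21b545b8c211f1fb36562": "AccXX8853.rar",
    "7b6eb6bf01f99b27601174223d05ca240f03a213": "AccXX8853.rar",
    "87ee577f00d453798ca357052e746159388306277d41f1f381dfeccc92ed94ed": "AccXX8853.rar",
    "18ec78e09155c046a203fb4dcbc3593f": "0O9BJfVJi6fEMoS.exe",
    "40e67eef7c001a8752763616fc9a58170721c27a": "0O9BJfVJi6fEMoS.exe",
    "01c5ac824171a164473d92187f8031f2bc7103397fe534f56771d8e9589445e0": "0O9BJfVJi6fEMoS.exe",
}


def normalize_host(host: str) -> str:
    """Assumption: the bot contacts 'www.' + domain; strip it so hosts match the config."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = normalize_host(urlsplit(C2_URL).hostname or "")
C2_PATH = urlsplit(C2_URL).path            # "/uszn/": reused on every decoy
DECOY_SET = {normalize_host(d) for d in DECOYS}

# Constructed log format: <timestamp> <client> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify_url(url: str) -> str | None:
    """'c2' for the real C2, 'decoy' for a decoy domain on the beacon path, else None."""
    parts = urlsplit(url)
    if parts.path != C2_PATH:
        return None  # decoys are real sites; only the beacon path is suspicious
    host = normalize_host(parts.hostname or "")
    if host == C2_HOST:
        return "c2"
    return "decoy" if host in DECOY_SET else None


def scan_proxy_log(lines, min_decoys: int = 3) -> dict[str, str]:
    """Per-client verdict: 'c2', 'decoy-beaconing' (>= min_decoys distinct decoys
    on the beacon path) or 'decoy-only' (fewer; low confidence on its own)."""
    c2_clients: set[str] = set()
    decoys_by_src: dict[str, set[str]] = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip rather than guess
        kind = classify_url(m["url"])
        if kind == "c2":
            c2_clients.add(m["src"])
        elif kind == "decoy":
            decoys_by_src[m["src"]].add(normalize_host(urlsplit(m["url"]).hostname or ""))
    verdicts = {src: "c2" for src in c2_clients}
    for src, seen in decoys_by_src.items():
        if src not in verdicts:
            verdicts[src] = "decoy-beaconing" if len(seen) >= min_decoys else "decoy-only"
    return verdicts


def known_sample(digest: str) -> str | None:
    """Map an MD5/SHA-1/SHA-256 hex digest to the report's file name, or None."""
    return HASHES.get(digest.strip().lower())


SAMPLE_LOG = """\
2021-02-23T09:53:01Z 10.0.0.5 GET http://www.besteprobioticakopen.online/uszn/ 200
2021-02-23T09:53:02Z 10.0.0.5 GET http://www.animegriptape.com/uszn/ 404
2021-02-23T09:53:09Z 10.0.0.7 GET http://www.pcpnetworks.com/uszn/ 404
2021-02-23T09:53:10Z 10.0.0.7 GET http://www.tskusa.com/uszn/ 404
2021-02-23T09:53:11Z 10.0.0.7 GET http://www.avoleague.com/uszn/ 404
2021-02-23T09:53:20Z 10.0.0.9 GET http://www.steelobzee.com/uszn/ 404
2021-02-23T09:53:21Z 10.0.0.9 GET http://www.pcpnetworks.com/index.html 200
2021-02-23T09:53:30Z 10.0.0.11 GET http://www.example.com/ 200
""".splitlines()

if __name__ == "__main__":
    for src, verdict in sorted(scan_proxy_log(SAMPLE_LOG).items()):
        print(f"{src:10} {verdict}")
```

The path check matters: the decoy domains are ordinary sites, so a request to `pcpnetworks.com/index.html` is not an indicator, whereas `pcpnetworks.com/uszn/` is. A client that touches several decoys on the beacon path is behaving like the bot even when the real C2 never shows up in the log, which is the point of scoring decoys as well as the confirmed C2.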

Targets

    • Target

      0O9BJfVJi6fEMoS.exe

    • Size

      797KB

    • MD5

      18ec78e09155c046a203fb4dcbc3593f

    • SHA1

      40e67eef7c001a8752763616fc9a58170721c27a

    • SHA256

      01c5ac824171a164473d92187f8031f2bc7103397fe534f56771d8e9589445e0

    • SHA512

      28801c6b546515f4fb67f199f70b160dffb41434bcb465f92d3f20dbad698194f162b443571ea267a1dd7c7ef0bcaf4bb82116c37d3a83433f9d3de28083234e

    • Formbook

      Formbook is an information stealer: it hooks browsers and other applications to capture submitted form data, logs keystrokes and clipboard contents, harvests stored credentials, and can download and run additional payloads on instruction from its C2.

    • Xloader

      Xloader is the rebranded, malware-as-a-service successor of Formbook; it keeps the same C2 protocol and decoy-domain scheme, which is why its extracted config is reported under the formbook family.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic      Technique                      Count  ID
  Execution   Command-Line Interface         1      T1059
  Discovery   System Information Discovery   1      T1082

Tasks