General

  • Target

    0O9BJfVJi6fEMoS.exe

  • Size

    797KB

  • Sample

    210223-p1c7wr1vka

  • MD5

    18ec78e09155c046a203fb4dcbc3593f

  • SHA1

    40e67eef7c001a8752763616fc9a58170721c27a

  • SHA256

    01c5ac824171a164473d92187f8031f2bc7103397fe534f56771d8e9589445e0

  • SHA512

    28801c6b546515f4fb67f199f70b160dffb41434bcb465f92d3f20dbad698194f162b443571ea267a1dd7c7ef0bcaf4bb82116c37d3a83433f9d3de28083234e

Malware Config

Extracted

Family

formbook

C2

http://www.besteprobioticakopen.online/uszn/

Decoy

animegriptape.com

pcpnetworks.com

putupmybabyforadoption.com

xn--jvrr98g37n88d.com

fertinvitro.doctor

undonethread.com

avoleague.com

sissysundays.com

guilhermeoliveiro.site

catholicon-bespeckle.info

mardesuenosfundacion.com

songkhoe24.site

shoecityindia.com

smallbathroomdecor.info

tskusa.com

prairiespringsllc.com

kegncoffee.com

clicklounge.xyz

catholicendoflifeplanning.com

steelobzee.com
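The extracted config above is the part of this report that is directly actionable, but the two lists deserve different handling: the C2 entry is the real server, while the decoy domains are mostly legitimate sites that Formbook also beacons to, so putting them on a blocklist causes false positives. Formbook does, however, send the same URI path (here `/uszn/`) to every domain it picks, so that path across unrelated hosts is a useful hunting signal. The Python below is an added example that is not part of the sandbox report; it takes the values shown on this page, classifies URLs from constructed proxy log lines in an assumed `<timestamp> <src_ip> <method> <url>` format, and scores each source host.

```python
"""Hunting logic built from the Formbook config extracted above.

Added example, not part of the sandbox report. Assumes a proxy log format of
"<timestamp> <src_ip> <method> <url>"; the log lines are constructed, the
config values are the ones on this page.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Values copied from the extracted config above.
C2_URL = "http://www.besteprobioticakopen.online/uszn/"
DECOYS = [
    "animegriptape.com", "pcpnetworks.com", "putupmybabyforadoption.com",
    "xn--jvrr98g37n88d.com", "fertinvitro.doctor", "undonethread.com",
    "avoleague.com", "sissysundays.com", "guilhermeoliveiro.site",
    "catholicon-bespeckle.info", "mardesuenosfundacion.com", "songkhoe24.site",
    "shoecityindia.com", "smallbathroomdecor.info", "tskusa.com",
    "prairiespringsllc.com", "kegncoffee.com", "clicklounge.xyz",
    "catholicendoflifeplanning.com", "steelobzee.com",
]
RANK = {"low": 1, "medium": 2, "high": 3}


def registrable(host):
    """Drop a leading 'www.' so config domains match logged hostnames."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = registrable(urlsplit(C2_URL).hostname)
C2_PATH = urlsplit(C2_URL).path  # "/uszn/", reused for every beacon
DECOY_HOSTS = {registrable(d) for d in DECOYS}


def classify(url):
    """Return (confidence, reason) for one URL, or None if it is uninteresting."""
    parts = urlsplit(url)
    host = registrable(parts.hostname)
    if host == C2_HOST:
        return ("high", "real Formbook C2")
    if host in DECOY_HOSTS and parts.path.startswith(C2_PATH):
        return ("medium", "Formbook beacon path sent to a decoy domain")
    if host in DECOY_HOSTS:
        return ("low", "decoy domain, probably legitimate browsing")
    return None


def hunt(log_lines):
    """Group classified URLs per source IP as (ts, url, confidence, reason)."""
    per_src = defaultdict(list)
    for line in log_lines:
        ts, src, _method, url = line.split(maxsplit=3)
        verdict = classify(url)
        if verdict:
            per_src[src].append((ts, url, *verdict))
    return dict(per_src)


def score(hits):
    """Per source: best confidence and how many distinct decoy hosts received the beacon path.
    Several decoy hosts getting the same path from one machine is the strongest
    evidence short of the real C2 itself."""
    out = {}
    for src, rows in hits.items():
        best = max(rows, key=lambda r: RANK[r[2]])[2]
        beacon_hosts = {registrable(urlsplit(r[1]).hostname)
                        for r in rows if r[3].startswith("Formbook beacon")}
        out[src] = (best, len(beacon_hosts))
    return out


# Constructed log lines: 10.0.0.5 is infected, 10.0.0.9 merely browses a decoy site.
SAMPLE_LOG = [
    "2021-02-23T12:00:01 10.0.0.5 GET http://www.besteprobioticakopen.online/uszn/?a=1",
    "2021-02-23T12:00:07 10.0.0.5 POST http://www.pcpnetworks.com/uszn/",
    "2021-02-23T12:00:09 10.0.0.5 GET http://www.tskusa.com/uszn/?b=2",
    "2021-02-23T12:05:00 10.0.0.9 GET https://tskusa.com/products",
    "2021-02-23T12:06:00 10.0.0.9 GET https://example.com/",
]

if __name__ == "__main__":
    for src, (best, n) in score(hunt(SAMPLE_LOG)).items():
        print(f"{src}: {best} confidence, beacon path seen on {n} decoy host(s)")
```

On the constructed log, 10.0.0.5 scores high (it hit the real C2 and sent the beacon path to two decoys) while 10.0.0.9 scores low with no beacon hits, which is the distinction a blocklist of the decoy list alone would not make.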

Targets

    • Target

      0O9BJfVJi6fEMoS.exe

    • Size

      797KB

    • MD5

      18ec78e09155c046a203fb4dcbc3593f

    • SHA1

      40e67eef7c001a8752763616fc9a58170721c27a

    • SHA256

      01c5ac824171a164473d92187f8031f2bc7103397fe534f56771d8e9589445e0

    • SHA512

      28801c6b546515f4fb67f199f70b160dffb41434bcb465f92d3f20dbad698194f162b443571ea267a1dd7c7ef0bcaf4bb82116c37d3a83433f9d3de28083234e

    • Formbook

      Formbook is an information stealer that harvests credentials and web-form data from browsers and other applications, logs keystrokes, takes screenshots, and can download and run further payloads on command from its C2.

    • Xloader

      XLoader is the rebranded successor of Formbook, sold under that name since 2020 and also available in a macOS variant.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 1

Tasks