formbook

General

Target

anthony.exe
Size

389KB
Sample

201209-ep6zekhmkn
MD5

aa078a3e0ae224567676780e445d0987
SHA1

1a41de109b5ffc1b76d88435e4c1b86d6014361f
SHA256

881dc085a9c46e3e31ad8189720dc6e16a7f3b40a6de30d6cadd088c0f769bec
SHA512

28601887427c5a7eaf6e260fa858599030b91a5fc5643abbdca28081ef59747be591690f3f7ee27f4f63af8b389367ccfc440f1f7bcd8ff51497c6572251bc0e

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.wellnesspharma.net/94sb/

Decoy

kaligao.com

springsbounce.com

dreamytree.com

trylolows.com

butload.info

creperie-pancakesquare.com

mirajions.com

joineduphealthresources.net

hamradioblogs.com

linghuidz.com

atelierzeste.com

tweens.network

perteprampram03.net

connorneill.com

nannatech.com

chrmo.com

nanoring.info

mapomarket.com

bongkey.com

sdhhzp.com

Targets

- Target
  
  anthony.exe
- Size
  
  389KB
- MD5
  
  aa078a3e0ae224567676780e445d0987
- SHA1
  
  1a41de109b5ffc1b76d88435e4c1b86d6014361f
- SHA256
  
  881dc085a9c46e3e31ad8189720dc6e16a7f3b40a6de30d6cadd088c0f769bec
- SHA512
  
  28601887427c5a7eaf6e260fa858599030b91a5fc5643abbdca28081ef59747be591690f3f7ee27f4f63af8b389367ccfc440f1f7bcd8ff51497c6572251bc0e
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2