formbook

General

Target

SEA LION LOGISTICS-URGENT QUOTATION.exe
Size

1.8MB
Sample

210111-m9msg391ln
MD5

cbde8f396859b03c0b93cd90f91f9871
SHA1

932cfac1b0fdd4883ce400e4520774931aa4add1
SHA256

6c595ae0af40886a5d0e907120894e72fadef005a527230b5c28a3e2767789f1
SHA512

22de018d21f6b38a864cb32537e476c00cf77320c230b09ab63796ad589c1a1d9a3bb2d48bc9d9c1a4563e007904925a20208a16db64ab13b11d1423e5819e48

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.smithsreddogranch.com/oge8/

Decoy

for-the-moments.com

bethumping.com

kinetickalling.com

aquilia-wine.com

xn--d1abobxhbdm8h.xn--p1acf

nunage.com

petrocabo.com

shredtilbed.com

itspethaw.com

identifiant-espacepostale.info

humanmasterpiece.com

vvww2.online

amaflixtv.com

mikaelabeselinteriors.com

coulingeholstein.com

room5mac.net

allindiasmm.com

payardi.com

mingjiuhb.com

rt-p-c-15a9-8zzm-xk7d.com

Targets

- Target
  
  SEA LION LOGISTICS-URGENT QUOTATION.exe
- Size
  
  1.8MB
- MD5
  
  cbde8f396859b03c0b93cd90f91f9871
- SHA1
  
  932cfac1b0fdd4883ce400e4520774931aa4add1
- SHA256
  
  6c595ae0af40886a5d0e907120894e72fadef005a527230b5c28a3e2767789f1
- SHA512
  
  22de018d21f6b38a864cb32537e476c00cf77320c230b09ab63796ad589c1a1d9a3bb2d48bc9d9c1a4563e007904925a20208a16db64ab13b11d1423e5819e48
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2