formbook

General

Target

099898892.exe
Size

1.2MB
Sample

210111-w8s2rysh3e
MD5

e1355062a95d23205f54d62d2e234f04
SHA1

6f142af7118a4275e242c1f1a15c28242f2387b1
SHA256

7579eb3b30e6ca9d30da39ab0160dee37f64b7cfd8c60610c0acd5b2c918ea45
SHA512

a9ea538b32affe28adda41153adf04a42f11371a49be28b17d825d740e4c2564bf7786a64f86c8a06e6cd2f8261a48870fa02147bf9e0f9ea809e9d4a5c138bf

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.brandonprattdrums.com/nt8e/

Decoy

cfwg123.com

gazipasadan.xyz

careogeen.com

zitatewelten.com

thecvpro.com

viltais.com

benimed.today

rogerecameron.com

courtclassesathome.com

yakin-hm.com

vidasanayprospera.com

mandirana.com

skybluebet.com

rescuedpetsarewonderful.com

solisdq.info

affiliateside.com

homewellliving.com

missteenroyaluniverse.com

bajrangproperties.com

bundleobliss.com

Targets

- Target
  
  099898892.exe
- Size
  
  1.2MB
- MD5
  
  e1355062a95d23205f54d62d2e234f04
- SHA1
  
  6f142af7118a4275e242c1f1a15c28242f2387b1
- SHA256
  
  7579eb3b30e6ca9d30da39ab0160dee37f64b7cfd8c60610c0acd5b2c918ea45
- SHA512
  
  a9ea538b32affe28adda41153adf04a42f11371a49be28b17d825d740e4c2564bf7786a64f86c8a06e6cd2f8261a48870fa02147bf9e0f9ea809e9d4a5c138bf
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2