formbook

General

Target

96fa311b1fcfadc7cf9f561f8f36fab6.exe
Size

707KB
Sample

210112-1pbxshmtjj
MD5

96fa311b1fcfadc7cf9f561f8f36fab6
SHA1

81d26b7172cea8c35f5f4c7abac75f7ed4979506
SHA256

51b0b3909d415002f11d8301a4a57e60c0b111c4a99685bf0008bd43d2b1fdfb
SHA512

ec757996dcfb2125b8ed41eef47b105b190678ce6d7209ced0589111c8bb6e6b342e4094deaf119477b895b656d639a0cd03787f7eb24f282f7739d10b5b380c

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.stonescapes1.com/de92/

Decoy

zindaginews.com

tyelevator.com

schustermaninterests.com

algemixdelchef.com

doubscollectivites.com

e-butchery.com

hellbentmask.com

jumbpprivacy.com

teeniestiedye.com

playfulartwork.com

desertvacahs.com

w5470-hed.net

nepalearningpods.com

smoothandsleek.com

thecannaglow.com

torrentkittyla.com

industrytoyou.com

raquelvargas.net

rlc-nc.net

cryptoprises.com

Targets

- Target
  
  96fa311b1fcfadc7cf9f561f8f36fab6.exe
- Size
  
  707KB
- MD5
  
  96fa311b1fcfadc7cf9f561f8f36fab6
- SHA1
  
  81d26b7172cea8c35f5f4c7abac75f7ed4979506
- SHA256
  
  51b0b3909d415002f11d8301a4a57e60c0b111c4a99685bf0008bd43d2b1fdfb
- SHA512
  
  ec757996dcfb2125b8ed41eef47b105b190678ce6d7209ced0589111c8bb6e6b342e4094deaf119477b895b656d639a0cd03787f7eb24f282f7739d10b5b380c
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2