formbook | 6f5b5a509984fec1db8a161cb82c74ead7bcdd7fb2f683e3a7c0ed69c70c69b6 | Triage

Sharing

General

Target

PO890299700006.xlsx
Size

1.6MB
Sample

210112-6kpcxszje2
MD5

2103ff7e24639940bd798329f87cc01b
SHA1

4791c53bc2f80cc3a57e21d02af58acad7be6bd4
SHA256

6f5b5a509984fec1db8a161cb82c74ead7bcdd7fb2f683e3a7c0ed69c70c69b6
SHA512

56c5f5685de78321e67758d60184fabd47e768a37e0f78e90a13823ca61bf71517608c55d073a960f9b2e3bd726fba073ed30a427a164941bee91ab0ea26a7ad

Score

10^/10

formbook xloader loader rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.bodyfuelrtd.com/8rg4/

Decoy

fakecostasunglasses.com

twinbrothers.pizza

jizhoujsp.com

qscrit.com

hotelmanise.com

fer-ua.online

europserver-simcloud.systems

redwap2.pro

betwalkoffame.com

latashalovemillionaire.com

8million-lr.com

tomatrader.com

modaluxcutabovefitness.com

shishijiazu.com

cckytx.com

reversehomeloansmiami.com

imaginenationnetwork.com

thecyclistshop.com

jorgegiljewelry.com

hlaprotiens.com

Targets

- Target
  
  PO890299700006.xlsx
- Size
  
  1.6MB
- MD5
  
  2103ff7e24639940bd798329f87cc01b
- SHA1
  
  4791c53bc2f80cc3a57e21d02af58acad7be6bd4
- SHA256
  
  6f5b5a509984fec1db8a161cb82c74ead7bcdd7fb2f683e3a7c0ed69c70c69b6
- SHA512
  
  56c5f5685de78321e67758d60184fabd47e768a37e0f78e90a13823ca61bf71517608c55d073a960f9b2e3bd726fba073ed30a427a164941bee91ab0ea26a7ad
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookxloaderloaderratspywarestealertrojan

behavioral2