formbook

General

Target

quotation.exe
Size

480KB
Sample

210112-97d7gff6vj
MD5

b8b31b2dfb196bcb986dddf77bd5c7d9
SHA1

ff124d255fdd65fb6bc7071af8126557e777975a
SHA256

c826a0b0506ddc4d93aba9f41ed795a88cca8bdb8c54f4af5d8dbdf9767e9ad3
SHA512

7eda7d2dc17ceef9a4fd1a0c6c9e9634e861bab4919312230733e5c2772d09de9a25ce43397de018614bc7e48ce416d56e7dfdbc7307b36da9d7ffe8c4e0b9ab

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.4mzn-l1mit.com/x2ee/

Decoy

imarrawk.com

focusonyouwa.com

thedallygrind.com

hexa4shop.com

rebeccaroni.com

rocketmortgageliar.net

roomkoala.com

zewkr.com

gighomesale.com

xenonsunglasses.com

clqck.com

alittlereward.com

neuroeka.digital

gadgetsat.online

steigersteel.com

fsjdc.com

realnie-svingeri.site

directcare.pro

mo-kita.com

faxbbs.com

Targets

- Target
  
  quotation.exe
- Size
  
  480KB
- MD5
  
  b8b31b2dfb196bcb986dddf77bd5c7d9
- SHA1
  
  ff124d255fdd65fb6bc7071af8126557e777975a
- SHA256
  
  c826a0b0506ddc4d93aba9f41ed795a88cca8bdb8c54f4af5d8dbdf9767e9ad3
- SHA512
  
  7eda7d2dc17ceef9a4fd1a0c6c9e9634e861bab4919312230733e5c2772d09de9a25ce43397de018614bc7e48ce416d56e7dfdbc7307b36da9d7ffe8c4e0b9ab
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2