formbook

General

Target

Doc_74657456348374.xlsx.exe
Size

731KB
Sample

210112-df7h2yend2
MD5

1e8f1e78b590bd90b327429d233c2fe9
SHA1

83eb02aa8a04deb275763d0ca93b130241d241a2
SHA256

180444e71cfbd639cea07e4cdc28099a444839f5ad3eb024b87dc9664fdfd5ec
SHA512

fb6133a86040405c7063effed12866f9964ff3fe323726624806c3f718296de9fa9930235acb4ef28090fa2bc9c5194bc4f0bb9e0b29399f0ffc936c40025c55

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.mczx.net/hpg3/

Decoy

icheapwdshop.com

ilhemayad.com

visionaries-global.com

bondibootybuilder.com

largeprintonline.com

imoney.life

yin.finance

serrurier-depannage-lyon.com

bettar.xyz

robet89.com

sxqfuisju.icu

dveri-interior.com

propertyexpertsmiami.com

tawetap.com

agencykiller.pro

usableclassics.com

elocdigital.com

tronelite.com

aeshahcosmetics.com

comproticket.com

Targets

- Target
  
  Doc_74657456348374.xlsx.exe
- Size
  
  731KB
- MD5
  
  1e8f1e78b590bd90b327429d233c2fe9
- SHA1
  
  83eb02aa8a04deb275763d0ca93b130241d241a2
- SHA256
  
  180444e71cfbd639cea07e4cdc28099a444839f5ad3eb024b87dc9664fdfd5ec
- SHA512
  
  fb6133a86040405c7063effed12866f9964ff3fe323726624806c3f718296de9fa9930235acb4ef28090fa2bc9c5194bc4f0bb9e0b29399f0ffc936c40025c55
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2