formbook | 912c691be61c217574cd5f37c83dda7eaf696427bc278e29e257f4e55e95a4c5 | Triage

Sharing

General

Target

Arrival notice.xlsx
Size

1.4MB
Sample

210113-fxe44eeqqa
MD5

75048d6eb28c8c180ed6adbb7b97e045
SHA1

7d86a5a15b22f53edb166d96edc87526256e167e
SHA256

912c691be61c217574cd5f37c83dda7eaf696427bc278e29e257f4e55e95a4c5
SHA512

b535e75c95ebfeb473158175c7443960cd0440cb4576ebaf3a330efe6b5cbf11d1421d17e3db68d3643344d827fdf0f4366dad9434c0f1b4f71ad9600038df04

Score

10^/10

formbook xloader loader rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.classifoods.com/oean/

Decoy

keboate.club

whitehatiq.com

loimtech.com

icaroagencia.com

snigglez.com

noreservationsxpress.com

villacascabel.com

5037adairway.com

growingequity.fund

stafffully.com

bingent.info

tmssaleguarantee.com

neonatalfeedrates.com

george-beauty.com

oraghallaighjourney.net

zunutrition.com

sylkysmooveentertainment.com

ddmns6tzey2d.com

dvcstay.com

304shaughnessygreen.info

Targets

- Target
  
  Arrival notice.xlsx
- Size
  
  1.4MB
- MD5
  
  75048d6eb28c8c180ed6adbb7b97e045
- SHA1
  
  7d86a5a15b22f53edb166d96edc87526256e167e
- SHA256
  
  912c691be61c217574cd5f37c83dda7eaf696427bc278e29e257f4e55e95a4c5
- SHA512
  
  b535e75c95ebfeb473158175c7443960cd0440cb4576ebaf3a330efe6b5cbf11d1421d17e3db68d3643344d827fdf0f4366dad9434c0f1b4f71ad9600038df04
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderloaderratspywarestealertrojan

behavioral2