formbook

General

Target

20210111 Virginie.exe
Size

1.0MB
Sample

210113-qa5adcl2ya
MD5

75ad92105a21f723cab80577de7ce4f7
SHA1

e6ae412993f371e70418fc256ca8259eea45b668
SHA256

924408349b7b3075a26d4e8408698ab07fc74ada1e94dbe35e6297e957724027
SHA512

af6ff25d6c970789623afebc71a0113527dc9fcd00eb39c7f5bb4a61fc497bb5167a4b5fc03a6a38ead8b303dd716562239303117ecbf63aafe761bdf11501e8

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.lensinlens.com/ehxh/

Decoy

financialaccompany.com

face2bouk.com

blazedisinfecting.com

providaconsultinggroup.com

distriautosdelpacifico.com

myaduhelm.com

thangmaygiatot.com

nuevasantatecla.com

endpedophiles.com

alwanps.com

anzi-studio.com

twoswinginghammers.com

curbedinc.com

purecleantn.com

4levelsplit.com

talklinecall.com

egypte-vakanties.com

xzntfwof.icu

sosyoclassic.com

adjoalearningacademy.com

Targets

- Target
  
  20210111 Virginie.exe
- Size
  
  1.0MB
- MD5
  
  75ad92105a21f723cab80577de7ce4f7
- SHA1
  
  e6ae412993f371e70418fc256ca8259eea45b668
- SHA256
  
  924408349b7b3075a26d4e8408698ab07fc74ada1e94dbe35e6297e957724027
- SHA512
  
  af6ff25d6c970789623afebc71a0113527dc9fcd00eb39c7f5bb4a61fc497bb5167a4b5fc03a6a38ead8b303dd716562239303117ecbf63aafe761bdf11501e8
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2