formbook

General

Target

FtLroeD5Kmr6rNC.exe
Size

734KB
Sample

210113-tkn9k7tcn6
MD5

c8208e09703f024933544517fb4db4a3
SHA1

0f6b53720c7556d04c5fed4b07084f86fd115480
SHA256

ee4b567e9ec4039e3494f812a70c14c02865b600a2356e3f5906ac520242839f
SHA512

637668d98a88d73b496fb5c3fb928ab018ece33947cacf8ca7cb42d3874967d07cc995357b8710bc451d1301bb0e41e5000cdfa4f56548f7b983313fd49b358e

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.asicprominer.com/umSa/

Decoy

lessensations.com

growcerybank.com

rvworkforce.com

djangosports.com

jgrosinger.com

tongjiash.com

rianebrady.com

xiaoxu.info

allwaysautism.com

couturev.com

dantedikhali.com

sagamoreca.com

sandisyardsale.com

happizi.com

moonchildboxco.store

maquillajembp.com

sojubythebay.com

verdexwellness.com

authenticperiod.cloud

bitpreserve.com

Targets

- Target
  
  FtLroeD5Kmr6rNC.exe
- Size
  
  734KB
- MD5
  
  c8208e09703f024933544517fb4db4a3
- SHA1
  
  0f6b53720c7556d04c5fed4b07084f86fd115480
- SHA256
  
  ee4b567e9ec4039e3494f812a70c14c02865b600a2356e3f5906ac520242839f
- SHA512
  
  637668d98a88d73b496fb5c3fb928ab018ece33947cacf8ca7cb42d3874967d07cc995357b8710bc451d1301bb0e41e5000cdfa4f56548f7b983313fd49b358e
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2