formbook

General

Target

404e118191842e0697f2c29b98330d65.exe
Size

1.1MB
Sample

210113-wc293n918j
MD5

404e118191842e0697f2c29b98330d65
SHA1

07c0de4ad963fbd367b61fe5a1764d1242701ced
SHA256

985306a8b7a5cb0604af6bbbddea16f334b17bcec4c5477bdfdb0330ed66b674
SHA512

1da5f922d37f111f0be07556635068be757e3e164b502ab630f3ccfa4f3df48895decab0f95c1be7c2ebb3dc8bc68805af7765ca5f5b8fc986d1db93aa1e29f6

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.stonescapes1.com/de92/

Decoy

zindaginews.com

tyelevator.com

schustermaninterests.com

algemixdelchef.com

doubscollectivites.com

e-butchery.com

hellbentmask.com

jumbpprivacy.com

teeniestiedye.com

playfulartwork.com

desertvacahs.com

w5470-hed.net

nepalearningpods.com

smoothandsleek.com

thecannaglow.com

torrentkittyla.com

industrytoyou.com

raquelvargas.net

rlc-nc.net

cryptoprises.com

Targets

- Target
  
  404e118191842e0697f2c29b98330d65.exe
- Size
  
  1.1MB
- MD5
  
  404e118191842e0697f2c29b98330d65
- SHA1
  
  07c0de4ad963fbd367b61fe5a1764d1242701ced
- SHA256
  
  985306a8b7a5cb0604af6bbbddea16f334b17bcec4c5477bdfdb0330ed66b674
- SHA512
  
  1da5f922d37f111f0be07556635068be757e3e164b502ab630f3ccfa4f3df48895decab0f95c1be7c2ebb3dc8bc68805af7765ca5f5b8fc986d1db93aa1e29f6
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2