formbook

General

Target

Solicitud de presupuesto.exe
Size

463KB
Sample

210114-ed6y8patjn
MD5

c210b2139d4b19d8f5f737f45e893289
SHA1

c02471a24902a11779cef4cec8b0bd9d7de813dc
SHA256

8dcbbb73c0afe52777190faea7b3c0c5bf89407a20d1e24784e7afe7f163ba1a
SHA512

336fcfdf875fdaa9cabe9794598c74908d76139fc2bfbac84cf90b67f78940c63f67a605f584ad6d354f62763d0b72b1b3a772f8a6d3c523eed8ecac686f5449

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.smallcoloradoweddings.com/kio8/

Decoy

greeaircondition.com

thewilmingtonguide.com

cbluedotlivewdmall.com

globalcrime24.com

heightsplace.com

ghar.pro

asosbira.com

melolandia.com

velactun.com

erniesimms.com

nutbullet.com

drizzerstr.com

hnqym888.com

ghorowaseba.com

1317efoxchasedrive.info

stjudetroop623.com

facestaj.com

airpromaskaccessories.com

wolfetailors.com

56ohdc2016.com

Targets

- Target
  
  Solicitud de presupuesto.exe
- Size
  
  463KB
- MD5
  
  c210b2139d4b19d8f5f737f45e893289
- SHA1
  
  c02471a24902a11779cef4cec8b0bd9d7de813dc
- SHA256
  
  8dcbbb73c0afe52777190faea7b3c0c5bf89407a20d1e24784e7afe7f163ba1a
- SHA512
  
  336fcfdf875fdaa9cabe9794598c74908d76139fc2bfbac84cf90b67f78940c63f67a605f584ad6d354f62763d0b72b1b3a772f8a6d3c523eed8ecac686f5449
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2