formbook

General

Target

3e3d35afbf473c5ed5aec39aba52346f.exe
Size

827KB
Sample

210114-ep3e8ntxga
MD5

3e3d35afbf473c5ed5aec39aba52346f
SHA1

4b47ee201ab67fd115667b0d061a282ed5ffb2f4
SHA256

1d2cf0287f43172cf4b7e250574319fa36b733e98878622e2ea016f5c0437679
SHA512

2c5620c3866a7e8e065e9fb48196236d2e6e7a24e1a23fe241c20d8ae7b3d15be36d8ee5adc5faf1989138a46734cfc9572334dc8a5906f4e9a2b5c668549778

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.stonescapes1.com/de92/

Decoy

zindaginews.com

tyelevator.com

schustermaninterests.com

algemixdelchef.com

doubscollectivites.com

e-butchery.com

hellbentmask.com

jumbpprivacy.com

teeniestiedye.com

playfulartwork.com

desertvacahs.com

w5470-hed.net

nepalearningpods.com

smoothandsleek.com

thecannaglow.com

torrentkittyla.com

industrytoyou.com

raquelvargas.net

rlc-nc.net

cryptoprises.com

Targets

- Target
  
  3e3d35afbf473c5ed5aec39aba52346f.exe
- Size
  
  827KB
- MD5
  
  3e3d35afbf473c5ed5aec39aba52346f
- SHA1
  
  4b47ee201ab67fd115667b0d061a282ed5ffb2f4
- SHA256
  
  1d2cf0287f43172cf4b7e250574319fa36b733e98878622e2ea016f5c0437679
- SHA512
  
  2c5620c3866a7e8e065e9fb48196236d2e6e7a24e1a23fe241c20d8ae7b3d15be36d8ee5adc5faf1989138a46734cfc9572334dc8a5906f4e9a2b5c668549778
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2