formbook

General

Target

SKM_C3350191107102300.exe
Size

560KB
Sample

210114-wc837b4f6n
MD5

c5b91765063ed56b54eb8048711109bc
SHA1

4e62b1c4166d9f569a3d3dba845330e22cf4b23c
SHA256

ac23d4ba0e11c07488224b01abc734d353da88537ed55c945eec7a91a20216a4
SHA512

93a3746c89f36a2a3114d2d4e76525c9212f33d95725908ff991b828231e520f20ada1049d42ba8c3c0c2c8df2dfffb2c6837ea0a8382f740a55ca01dad2c0b6

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.4mzn-l1mit.com/x2ee/

Decoy

imarrawk.com

focusonyouwa.com

thedallygrind.com

hexa4shop.com

rebeccaroni.com

rocketmortgageliar.net

roomkoala.com

zewkr.com

gighomesale.com

xenonsunglasses.com

clqck.com

alittlereward.com

neuroeka.digital

gadgetsat.online

steigersteel.com

fsjdc.com

realnie-svingeri.site

directcare.pro

mo-kita.com

faxbbs.com

Targets

- Target
  
  SKM_C3350191107102300.exe
- Size
  
  560KB
- MD5
  
  c5b91765063ed56b54eb8048711109bc
- SHA1
  
  4e62b1c4166d9f569a3d3dba845330e22cf4b23c
- SHA256
  
  ac23d4ba0e11c07488224b01abc734d353da88537ed55c945eec7a91a20216a4
- SHA512
  
  93a3746c89f36a2a3114d2d4e76525c9212f33d95725908ff991b828231e520f20ada1049d42ba8c3c0c2c8df2dfffb2c6837ea0a8382f740a55ca01dad2c0b6
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2