formbook

General

Target

6a763ed09b2fd9f663bcb0af7b17d492.exe
Size

825KB
Sample

210114-wxxtx7f73j
MD5

6a763ed09b2fd9f663bcb0af7b17d492
SHA1

6f6919dd3ae4f7fbefc51f8bfc280078a7634bee
SHA256

ba2963b7da8a1df3e40441825654972ce2a5903c9f27bc081e42795c296c80eb
SHA512

f87f4d58a02cf9ddbb4cda9e0309ebd393b4f98dc63baad92559cd7d932c2af4c52b64faa8774f040a994fa158619df14e7f2e1dc48de7c45714840291aa968a

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

- Target
  
  6a763ed09b2fd9f663bcb0af7b17d492.exe
- Size
  
  825KB
- MD5
  
  6a763ed09b2fd9f663bcb0af7b17d492
- SHA1
  
  6f6919dd3ae4f7fbefc51f8bfc280078a7634bee
- SHA256
  
  ba2963b7da8a1df3e40441825654972ce2a5903c9f27bc081e42795c296c80eb
- SHA512
  
  f87f4d58a02cf9ddbb4cda9e0309ebd393b4f98dc63baad92559cd7d932c2af4c52b64faa8774f040a994fa158619df14e7f2e1dc48de7c45714840291aa968a
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2