formbook

General

Target

70747f5955df1f8a7012cbe5d37c516f.exe
Size

644KB
Sample

210115-9jr44nzvs2
MD5

70747f5955df1f8a7012cbe5d37c516f
SHA1

8a4edf21b160f31bc6d9b1d02d343e3bf5fcfd2e
SHA256

6a042012f4233929b8f5fbf73f4b958e39f2fb60d73c1d758753dd07508ef8e1
SHA512

0d84482c736c33eb5e8fc48ef1350dde530b6fbc76440dde906e31cf681631581642cd601bffbaab31fd54296489754814548f56d6c3e2a2c532b1af37309a90

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.thejusticeadvantageseminars.com/qccq/

Decoy

webuynyhouses.com

love-nepal.com

gardening-mistakes.com

495honda.com

newcuus.com

alefinvest.com

delhikigully.com

aznri4z9gtky4.net

hanswiemannbyaderans.com

mecaldiesel.com

akshen.net

y-agency.net

ahrohishrestha.com

arthalvorsonforcongress.com

mvmcompany.net

qyjjsk.com

yescoop.com

esergedrghwebrgqrq.xyz

kellyharmonedconsulting.com

deliciosatentacion.com

Targets

- Target
  
  70747f5955df1f8a7012cbe5d37c516f.exe
- Size
  
  644KB
- MD5
  
  70747f5955df1f8a7012cbe5d37c516f
- SHA1
  
  8a4edf21b160f31bc6d9b1d02d343e3bf5fcfd2e
- SHA256
  
  6a042012f4233929b8f5fbf73f4b958e39f2fb60d73c1d758753dd07508ef8e1
- SHA512
  
  0d84482c736c33eb5e8fc48ef1350dde530b6fbc76440dde906e31cf681631581642cd601bffbaab31fd54296489754814548f56d6c3e2a2c532b1af37309a90
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2