formbook

General

Target

Packing list • Invoice • Country of origin.exe
Size

377KB
Sample

210115-we2f21kvba
MD5

573ad7a8627f24f2e6fc4aa3c53f6328
SHA1

2e292b7e6f41b0fd7dd31424989e5640f6e41e38
SHA256

b4a9843d6c2869da17c9fb36d3aae7b869f3df444280943e07f3944f6408f086
SHA512

750436f6da6c8daed66b61433789dc6a76a49bab86f2d5ef43434d9e77ed702ea5cc020981d9382b2ec8f1c0584d6600897efa67763e513a2569417e54222bc3

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.4mzn-l1mit.com/x2ee/

Decoy

imarrawk.com

focusonyouwa.com

thedallygrind.com

hexa4shop.com

rebeccaroni.com

rocketmortgageliar.net

roomkoala.com

zewkr.com

gighomesale.com

xenonsunglasses.com

clqck.com

alittlereward.com

neuroeka.digital

gadgetsat.online

steigersteel.com

fsjdc.com

realnie-svingeri.site

directcare.pro

mo-kita.com

faxbbs.com

Targets

- Target
  
  Packing list • Invoice • Country of origin.exe
- Size
  
  377KB
- MD5
  
  573ad7a8627f24f2e6fc4aa3c53f6328
- SHA1
  
  2e292b7e6f41b0fd7dd31424989e5640f6e41e38
- SHA256
  
  b4a9843d6c2869da17c9fb36d3aae7b869f3df444280943e07f3944f6408f086
- SHA512
  
  750436f6da6c8daed66b61433789dc6a76a49bab86f2d5ef43434d9e77ed702ea5cc020981d9382b2ec8f1c0584d6600897efa67763e513a2569417e54222bc3
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2