formbook | 69ba51c4fa9631796b399c3ecba7a440bd5beca95c24bd3fcc06b501893f5c72 | Triage

Sharing

General

Target

NEW COMPLIANCE 18.01.2021.xlsx
Size

2.1MB
Sample

210118-9ygbbpg7s2
MD5

c027e83f6c746837fe6d7577a81fd050
SHA1

172e1532e621272dcf7389b3c9e90a5dcbf266b4
SHA256

69ba51c4fa9631796b399c3ecba7a440bd5beca95c24bd3fcc06b501893f5c72
SHA512

91a1af35f3e8d950fc18e310b2f6f6032224d6a37c174f4f24a5fa8a24b47c8e31a70d818d705afba911478d50364fe32a4fadcea6f39a288842f81e2fc4eb74

Score

10^/10

formbook xloader loader rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

- Target
  
  NEW COMPLIANCE 18.01.2021.xlsx
- Size
  
  2.1MB
- MD5
  
  c027e83f6c746837fe6d7577a81fd050
- SHA1
  
  172e1532e621272dcf7389b3c9e90a5dcbf266b4
- SHA256
  
  69ba51c4fa9631796b399c3ecba7a440bd5beca95c24bd3fcc06b501893f5c72
- SHA512
  
  91a1af35f3e8d950fc18e310b2f6f6032224d6a37c174f4f24a5fa8a24b47c8e31a70d818d705afba911478d50364fe32a4fadcea6f39a288842f81e2fc4eb74
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderloaderratspywarestealertrojan

behavioral2