formbook

General

Target

1c68b56f273eab047eccce3cbad492a5.exe
Size

885KB
Sample

210118-h2qa89cgbe
MD5

1c68b56f273eab047eccce3cbad492a5
SHA1

76598e8315496d2bfcaa35edd12f521483ff5c31
SHA256

6961aeab02e7dafda1e2f16e9ec88fd5dce6199925a71f22657a2c48627ae087
SHA512

7f24e6f61a86314e91275d4492b74659ca34f036fb32c20eccaebd68410a228dae3d1bca2f6faa74933692b50a19aca693b3c5ca803c3717175e19b58d1ba6e6

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.kaiyuansu.pro/incn/

Decoy

1bovvfk93jd.com

enlightenedhealthcoaching.com

findthatsmartphone.com

intelligentsystemsus.com

xn--lmsealamientos-tnb.com

eot0luh5ia.men

babanewshop.com

beyond-bit.com

meritane.com

buythinsecret.com

c2ornot.com

twelvesband.com

rktlends.com

bourseandish.com

happyshop88.com

topangacanyonvintage.com

epersonalloansonline.com

roofers-anaheim.com

shanghaiys.net

bickel.wtf

Targets

- Target
  
  1c68b56f273eab047eccce3cbad492a5.exe
- Size
  
  885KB
- MD5
  
  1c68b56f273eab047eccce3cbad492a5
- SHA1
  
  76598e8315496d2bfcaa35edd12f521483ff5c31
- SHA256
  
  6961aeab02e7dafda1e2f16e9ec88fd5dce6199925a71f22657a2c48627ae087
- SHA512
  
  7f24e6f61a86314e91275d4492b74659ca34f036fb32c20eccaebd68410a228dae3d1bca2f6faa74933692b50a19aca693b3c5ca803c3717175e19b58d1ba6e6
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2