formbook

General

Target

dir2.exe
Size

1.5MB
Sample

210118-jlqsv4tt1s
MD5

ac44dce1ac1b90aec13f71bed7a27f14
SHA1

baadfc03a182da09e604235679cdde0feae32e28
SHA256

10d1e607e170563551b4dc8ce160b907067143b8222418cab17620481c3471c9
SHA512

435e10cd48ee663a28912aeb8dc13fb9cb09ee86a92113f2d88f75548b969378881de60eaf72e694f3c49db1cc040c1fa0aea8f8fceeb05cb492c32d0a2ad731

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

- Target
  
  dir2.exe
- Size
  
  1.5MB
- MD5
  
  ac44dce1ac1b90aec13f71bed7a27f14
- SHA1
  
  baadfc03a182da09e604235679cdde0feae32e28
- SHA256
  
  10d1e607e170563551b4dc8ce160b907067143b8222418cab17620481c3471c9
- SHA512
  
  435e10cd48ee663a28912aeb8dc13fb9cb09ee86a92113f2d88f75548b969378881de60eaf72e694f3c49db1cc040c1fa0aea8f8fceeb05cb492c32d0a2ad731
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2