formbook

General

Target

Materials.exe
Size

550KB
Sample

210118-qzbhddgzce
MD5

3fa32441cdf20f227676163f2ddd66c4
SHA1

7b6bf423286a2096449015602d4d5db258866da6
SHA256

fe7c717b3f64d3c721f760c5d62cf09b7bfcdb8fcbf163e7958907a3d7b2dfad
SHA512

20985ad52ee625f6ded7a45f2a83f57ebf1db97abd10959d6cd30f1e404da7879cbf34630f3be70679183bf1dbd46795991c5a68f9c1eb9dd9bfb7a980b9da48

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.smallcoloradoweddings.com/kio8/

Decoy

greeaircondition.com

thewilmingtonguide.com

cbluedotlivewdmall.com

globalcrime24.com

heightsplace.com

ghar.pro

asosbira.com

melolandia.com

velactun.com

erniesimms.com

nutbullet.com

drizzerstr.com

hnqym888.com

ghorowaseba.com

1317efoxchasedrive.info

stjudetroop623.com

facestaj.com

airpromaskaccessories.com

wolfetailors.com

56ohdc2016.com

Targets

- Target
  
  Materials.exe
- Size
  
  550KB
- MD5
  
  3fa32441cdf20f227676163f2ddd66c4
- SHA1
  
  7b6bf423286a2096449015602d4d5db258866da6
- SHA256
  
  fe7c717b3f64d3c721f760c5d62cf09b7bfcdb8fcbf163e7958907a3d7b2dfad
- SHA512
  
  20985ad52ee625f6ded7a45f2a83f57ebf1db97abd10959d6cd30f1e404da7879cbf34630f3be70679183bf1dbd46795991c5a68f9c1eb9dd9bfb7a980b9da48
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2