formbook

General

Target

SWIFT Payment DOOEL EUR 74,246.41 20210101950848.exe
Size

895KB
Sample

210119-1872j4y4f6
MD5

b8ead540e40416915bd3f6134f2017bb
SHA1

e74cf3642e4bd4b3f616bc5230edd5312d97ecfc
SHA256

201f068c15e749ce1d3bd1a8e48909a9b0e8e5b0774b0eb2abc9096449fdbe67
SHA512

1e5631249b531d0abf6f3603016ec1e06d3efe55bae91c8db116ab5c94f126473448bf78338163a8cbc526bb168d70933014222150afbb9270a08303f0963002

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.boundlesshealthyliving.com/isub/

Decoy

beeyoubc.net

nimbleangel.com

woninghuurcuracao.com

hair2dye4.academy

affordablebothell.com

maglex.info

jacykretas.com

toushiys.com

gfitzfreetestcloud.com

sisuluzinterior.com

sunshipinvestments.com

lulenahairco.com

shangchen33.com

ocase24.com

shamanicsound.com

newbharatbakery.com

imratingit.net

twinningtreats.com

btzmed.com

bedtimewish.com

Targets

- Target
  
  SWIFT Payment DOOEL EUR 74,246.41 20210101950848.exe
- Size
  
  895KB
- MD5
  
  b8ead540e40416915bd3f6134f2017bb
- SHA1
  
  e74cf3642e4bd4b3f616bc5230edd5312d97ecfc
- SHA256
  
  201f068c15e749ce1d3bd1a8e48909a9b0e8e5b0774b0eb2abc9096449fdbe67
- SHA512
  
  1e5631249b531d0abf6f3603016ec1e06d3efe55bae91c8db116ab5c94f126473448bf78338163a8cbc526bb168d70933014222150afbb9270a08303f0963002
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2