formbook

General

Target

3KvCNpcQ6tvwKr5.exe
Size

894KB
Sample

210119-3f5gy3nxq2
MD5

03c67a5a09e3a472b5ac1db3e64f36dd
SHA1

ed818f401e5d67f1351fd94d121c0a64739bcba9
SHA256

f1422701954b6c0116802819526ba75f414beda5419f80445d321885d8732473
SHA512

6d7279cfc5a9e68c1f8c9aa39d4f2208487a42bbd967337a25611513efcf10e1dd7d27a04aeae84bd1a131c068b5d5f2a121bdadbed94927bd590a8bf35412a9

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.allismd.com/ur06/

Decoy

philippebrooksdesign.com

cmoorestudio.com

profille-sarina23tammara.club

dqulxe.com

uiffinger.com

nolarapper.com

maconanimalexterminator.com

bisovka.com

loveisloveent.com

datication.com

spxo66.com

drhelpnow.com

ladybug-cle.com

macocome.com

thepoppysocks.com

eldritchparadox.com

mercadolibre.company

ismartfarm.com

kansascarlot.com

kevinld.com

Targets

- Target
  
  3KvCNpcQ6tvwKr5.exe
- Size
  
  894KB
- MD5
  
  03c67a5a09e3a472b5ac1db3e64f36dd
- SHA1
  
  ed818f401e5d67f1351fd94d121c0a64739bcba9
- SHA256
  
  f1422701954b6c0116802819526ba75f414beda5419f80445d321885d8732473
- SHA512
  
  6d7279cfc5a9e68c1f8c9aa39d4f2208487a42bbd967337a25611513efcf10e1dd7d27a04aeae84bd1a131c068b5d5f2a121bdadbed94927bd590a8bf35412a9
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2