formbook

General

Target

Consignment Document PL&BL Draft.exe
Size

460KB
Sample

210119-7vhwyt29qj
MD5

bf30d9af8aa63484e6fe1d73a184afd9
SHA1

cbc300068895405af8c9da413b7081cb0d281084
SHA256

c4527be43e6ad0e3eb7e8ca1bf26c120c0c5eef996716178a87bbe2b807efa57
SHA512

dc4bfa6810a1e9c4a33ae45088fc590b42c8ca6613d506ea5abc4b4b6bddac2165ee311d5ccd7058a4054ece2559df85e25c06f842e4e3f5f0e63322b02f3679

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.mwavpn.com/9bwn/

Decoy

italiancoastal.com

shareandfit.com

ibexacademia.com

guejek.com

vitalbizdev.com

connemaracomputers.com

surf-livre.com

styleforwoman.com

costcopaysecure.com

kingdomandqueendom.com

www-societegenerale.com

radiokerbfm.com

marylandstars.net

thechampionsday.com

beertenderb95.com

iybbshop.com

maglex.info

vh3g.asia

zaairobot.online

ryderhydros.com

Targets

- Target
  
  Consignment Document PL&BL Draft.exe
- Size
  
  460KB
- MD5
  
  bf30d9af8aa63484e6fe1d73a184afd9
- SHA1
  
  cbc300068895405af8c9da413b7081cb0d281084
- SHA256
  
  c4527be43e6ad0e3eb7e8ca1bf26c120c0c5eef996716178a87bbe2b807efa57
- SHA512
  
  dc4bfa6810a1e9c4a33ae45088fc590b42c8ca6613d506ea5abc4b4b6bddac2165ee311d5ccd7058a4054ece2559df85e25c06f842e4e3f5f0e63322b02f3679
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2