formbook

General

Target

Statement Of Account.exe
Size

893KB
Sample

210119-8bk1rdnk2s
MD5

436bfad859d57c0546982a3abf01e069
SHA1

bf2362cc3d66a764cc844ae17d820ae2f330abdc
SHA256

9763034a6f6e93c907471ca361e619f5fe5ec0b3aeb301cd046bd877c62aaea7
SHA512

26411a26de168fbc0dd5db590679570b77daf0ccb6fe8aafc8340bae8488a515a710dcc0234ff7ee23fa158df68d43353afaf20fc401cfc977ccbd30dc1036d4

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.elridgeandandrea.com/sz0m/

Decoy

wttmetroethernet.com

ybeautyinc.com

blackswan-ai.com

elitebettingnews.com

marialangarica.com

ra1nshot.space

sdkunlei.com

lingkarindonesia.com

acceptcreditcardaz.com

yantaifootball.com

checkmysocialcreditscore.com

masjovemestanoite.com

brandtalkspodcast.com

moneymethod.xyz

77js222.com

fuyang3.com

ptypty.com

entre-puneur.com

yes8168.com

lightuniverse-ity.com

Targets

- Target
  
  Statement Of Account.exe
- Size
  
  893KB
- MD5
  
  436bfad859d57c0546982a3abf01e069
- SHA1
  
  bf2362cc3d66a764cc844ae17d820ae2f330abdc
- SHA256
  
  9763034a6f6e93c907471ca361e619f5fe5ec0b3aeb301cd046bd877c62aaea7
- SHA512
  
  26411a26de168fbc0dd5db590679570b77daf0ccb6fe8aafc8340bae8488a515a710dcc0234ff7ee23fa158df68d43353afaf20fc401cfc977ccbd30dc1036d4
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2