formbook | cadb48c6d6cb9a5806bb74899c4837916538e2b9257dcc0f28640cc8179fd391 | Triage

Submit
Reports

Overview

overview

Static

static

Pre-order.xlsx

windows7_x64

Pre-order.xlsx

windows10_x64

1

Sharing

General

Target

Pre-order.xlsx
Size

2.2MB
Sample

210119-a2zqs8nyze
MD5

ff38cf4d7025c0a5be3d81ac520c498b
SHA1

2ad3bf55a7ac4c636ecdf1b703d46afd190b9525
SHA256

cadb48c6d6cb9a5806bb74899c4837916538e2b9257dcc0f28640cc8179fd391
SHA512

039351f7634ef17c18047c4f1e4fa2be2e71660f814019c014e69900f3a4fcc4c9153a1656d4e1ae15ad5203a2db5a2679922fe6716a1ccfef316b1a7217a0f9

Score

10^/10

formbook xloader loader rat spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Pre-order.xlsx

Resource

win7v20201028

formbook xloader loader rat spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Pre-order.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.douzhuan168.com/o8na/

Decoy

www1669099.com

digitalallserv.com

thiszzzwq.info

dallasoswalt.info

ladolcefesta.com

mariamalikially.com

origenbsas.com

antichoc.watch

tropicalbirdtoys.com

bbluedotvrwdbuy.com

racevx.xyz

ut-trustandwill.com

maximumhomeoffers.com

wrapname.com

hypelighystrip.com

oshoum2020.com

parkwestmi.com

themodumall.com

tempuslawnandsnow.com

dailypromo.xyz

prebrands.com

thejoshuareport.com

coffincouturecosmetics.com

myfreshpoultry.com

vpndojo.com

ke9s.com

thediabeticsdomain.com

ukfrtff.icu

thedesertseen.com

patasasociacioncanina.com

bmw-cdsummit.com

darrelbrodkemd.com

tequilau.com

hurricanelauraclaim.net

launchangl.com

rdcwellness.com

vannityboxx.com

engage.chat

actuallyprettycosmetics.com

obluedot3dbuy.com

beaullife.com

digitalqe.com

damgarrett.com

guojiggd.com

bolder-adventure.info

seewhitefish.com

yazaerik.com

williamswalker.com

amandaemcevoy.com

pushdabutton.com

happyparentingandfamilies.com

workinghomeparents.com

patriotpointmarina.com

montserratpages.cat

marriedtwomusic.com

satjulius.com

zachthebigbear.com

pakistanread.com

bilemedim.com

prnttees.com

fxwlk.com

thepaoluccigroup.com

tompgroup.com

costadosolff.com

Targets

- Target
  
  Pre-order.xlsx
- Size
  
  2.2MB
- MD5
  
  ff38cf4d7025c0a5be3d81ac520c498b
- SHA1
  
  2ad3bf55a7ac4c636ecdf1b703d46afd190b9525
- SHA256
  
  cadb48c6d6cb9a5806bb74899c4837916538e2b9257dcc0f28640cc8179fd391
- SHA512
  
  039351f7634ef17c18047c4f1e4fa2be2e71660f814019c014e69900f3a4fcc4c9153a1656d4e1ae15ad5203a2db5a2679922fe6716a1ccfef316b1a7217a0f9
Score

10^/10

formbook xloader loader rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderloaderratspywarestealertrojanupx

behavioral2

© 2018-2024

Terms | Privacy