formbook

General

Target

PO81053.exe
Size

189KB
Sample

210119-cjhqrpwvln
MD5

133bddae88916c0016892d2cf55b6d8a
SHA1

5eaa43928a9a569fb807f5e8c1ecf9a54da79515
SHA256

f5a88909c2272b7ddba37b210ca2bbf79c4baf80e51f883a36e5887183b84d3b
SHA512

8dc23a5e14f031eaff4ee1096a8f427783b9f9a9ce83f635bf8fd712e78b9f36327b42fba6ffd696684e398fc8794e9a5dd87ffdf8ff533c98ce14856ee23697

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.wissinkadams.com/iae2/

Decoy

mainstreetswimschool.com

nhadat9chu.com

guidedcommercialloan.com

quandd.site

smittysfrontlinecarriers.com

hmas-vibrant.com

pakunok.net

jiffihosting.com

shopping-container.com

quartiercreole.net

weebflix.com

gringomexico.com

whathappensnextin6minutes.com

patchealth.com

exclusivelymarissa.com

my-glp.com

trgtbk.com

sagefemmecaluire.com

fetaldiagnosislaboratorios.com

aniversariocom-presente12.com

Targets

- Target
  
  PO81053.exe
- Size
  
  189KB
- MD5
  
  133bddae88916c0016892d2cf55b6d8a
- SHA1
  
  5eaa43928a9a569fb807f5e8c1ecf9a54da79515
- SHA256
  
  f5a88909c2272b7ddba37b210ca2bbf79c4baf80e51f883a36e5887183b84d3b
- SHA512
  
  8dc23a5e14f031eaff4ee1096a8f427783b9f9a9ce83f635bf8fd712e78b9f36327b42fba6ffd696684e398fc8794e9a5dd87ffdf8ff533c98ce14856ee23697
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2