formbook

General

Target

Calendario dei pagamenti.exe
Size

219KB
Sample

210119-e25a2ywdfe
MD5

1a02db6595fb5471a1d91a4f51897269
SHA1

644069ab472309d4ecfca95de736dfb14676a776
SHA256

dd9c6267a87c89067d157e28d6f3ca17f958871f3d403609ed72dad80514e226
SHA512

ca86ca60343f96581c67ddaabd8553cfa030a1ae7cbedc0f05da403d972f7c2de9bf3048a0dbd43642c846f92f9c6f5b280f6537ef013a6d121fb70d72a2905d

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.smallcoloradoweddings.com/kio8/

Decoy

greeaircondition.com

thewilmingtonguide.com

cbluedotlivewdmall.com

globalcrime24.com

heightsplace.com

ghar.pro

asosbira.com

melolandia.com

velactun.com

erniesimms.com

nutbullet.com

drizzerstr.com

hnqym888.com

ghorowaseba.com

1317efoxchasedrive.info

stjudetroop623.com

facestaj.com

airpromaskaccessories.com

wolfetailors.com

56ohdc2016.com

Targets

- Target
  
  Calendario dei pagamenti.exe
- Size
  
  219KB
- MD5
  
  1a02db6595fb5471a1d91a4f51897269
- SHA1
  
  644069ab472309d4ecfca95de736dfb14676a776
- SHA256
  
  dd9c6267a87c89067d157e28d6f3ca17f958871f3d403609ed72dad80514e226
- SHA512
  
  ca86ca60343f96581c67ddaabd8553cfa030a1ae7cbedc0f05da403d972f7c2de9bf3048a0dbd43642c846f92f9c6f5b280f6537ef013a6d121fb70d72a2905d
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2