formbook | 399638eeb199d1bbe7158c2f6864cc96697a0079e944518c71b0874a0811a360 | Triage

Sharing

General

Target

Statement for T10495 - 18-01-21 15-23.jar
Size

1.0MB
Sample

210119-ecvz7lm2g2
MD5

861c4a96a8f31a1f21b26ef6fd58e531
SHA1

d4e3c6efd37ad7d95c642528ec28ad2c733ca42a
SHA256

399638eeb199d1bbe7158c2f6864cc96697a0079e944518c71b0874a0811a360
SHA512

388ec18a8c30be9fa39c32e2dd08934dbbb3e1003963da7aaed9e478c554742eb315ed893e4da3e7d29fbe6f89bb4f0c988dfce4aa8ee659c4fad29d7f192700

Score

10^/10

formbook xloader loader rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.dmvantalya.com/bnuw/

Decoy

amgggma.com

reptilerus.com

degearboss.com

jennaelsbakeshop.com

invisablescreen.com

beingsingleda.com

2nsupplements.online

12862.xyz

expand.care

romeoalchimistefullmental.com

7750166.com

brendonellis.com

sprayfoamharlemny.com

bukannyaterbuai30.com

boatpiz.com

stylistrx.com

decorationhaven.com

stockaro.com

state728.com

secretlairtoys.com

Targets

- Target
  
  Statement for T10495 - 18-01-21 15-23.jar
- Size
  
  1.0MB
- MD5
  
  861c4a96a8f31a1f21b26ef6fd58e531
- SHA1
  
  d4e3c6efd37ad7d95c642528ec28ad2c733ca42a
- SHA256
  
  399638eeb199d1bbe7158c2f6864cc96697a0079e944518c71b0874a0811a360
- SHA512
  
  388ec18a8c30be9fa39c32e2dd08934dbbb3e1003963da7aaed9e478c554742eb315ed893e4da3e7d29fbe6f89bb4f0c988dfce4aa8ee659c4fad29d7f192700
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookxloaderloaderratspywarestealertrojan