formbook | 63b3402660ff4a015ff3bf516ece2da73234e315f5b0b7235ef3c4523d846152 | Triage

Submit
Reports

Overview

overview

Static

static

PO-RY 001-...ri.jar

windows7_x64

PO-RY 001-...ri.jar

windows10_x64

Sharing

General

Target

PO-RY 001-21 Accuri.jar
Size

372KB
Sample

210119-ehtflrh3k6
MD5

c57bb7c025860397afdef61c676ead90
SHA1

6b2195e0b140ad27c5fd909f4944b5a63c2a6e08
SHA256

63b3402660ff4a015ff3bf516ece2da73234e315f5b0b7235ef3c4523d846152
SHA512

7f1ddd540b4cb316101e1facb8a217047d607b7bcd9e888f020d2ca4fa46f0e04747fc465424f87c7e1a4c8713aa84bb34b33f4e2b97edb16d4c66392f90f6bd

Score

10^/10

formbook xloader loader rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO-RY 001-21 Accuri.jar

Resource

win7v20201028

formbook xloader loader rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO-RY 001-21 Accuri.jar

Resource

win10v20201028

formbook xloader loader rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.dmvantalya.com/bnuw/

Decoy

amgggma.com

reptilerus.com

degearboss.com

jennaelsbakeshop.com

invisablescreen.com

beingsingleda.com

2nsupplements.online

12862.xyz

expand.care

romeoalchimistefullmental.com

7750166.com

brendonellis.com

sprayfoamharlemny.com

bukannyaterbuai30.com

boatpiz.com

stylistrx.com

decorationhaven.com

stockaro.com

state728.com

secretlairtoys.com

davenportnsons.com

gofetchable.com

xn--vhqqb859bnjqul4b7fg.com

jsmcareers.com

czb878.com

reformadventist.com

nishagile.com

rotalablog.com

beachesvr.com

ekpays.com

triphousestudio.com

kusytekrealities.com

madhabicorp.com

husum-ferienwohnungen.com

mitbss.com

farmersly.com

appcaoya.com

ninjawhatsapp.club

creuatrue.com

watsonmedi.com

purposelyproductivelab.com

alliswell.info

narichan01.com

racevx.xyz

swiftappliancessc.com

aiguapea.com

xn--kok-j59d107t.net

informaprofiles.com

denetimlitakip.net

xtremesupplies.com

motion-mill-tv.com

thealtxmvmt.com

sexeighty.com

kiiteblog.com

aoey.ink

tiendastags.com

politicalrefs.com

lifeinsuranceyourway.com

rozellrealtynj.com

newsparika.com

kettel.net

taxandbookkeepingsolutions.com

fashiongraphia.com

coredigit.net

Targets

- Target
  
  PO-RY 001-21 Accuri.jar
- Size
  
  372KB
- MD5
  
  c57bb7c025860397afdef61c676ead90
- SHA1
  
  6b2195e0b140ad27c5fd909f4944b5a63c2a6e08
- SHA256
  
  63b3402660ff4a015ff3bf516ece2da73234e315f5b0b7235ef3c4523d846152
- SHA512
  
  7f1ddd540b4cb316101e1facb8a217047d607b7bcd9e888f020d2ca4fa46f0e04747fc465424f87c7e1a4c8713aa84bb34b33f4e2b97edb16d4c66392f90f6bd
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookxloaderloaderratspywarestealertrojan

behavioral2

formbookxloaderloaderratspywarestealertrojan

© 2018-2024

Terms | Privacy