formbook

General

Target

BEF20201801.exe
Size

1.2MB
Sample

210119-jz5mnv7b9e
MD5

06e4d811d6a0234e3c4ef9eba38fd5a1
SHA1

bbbd38280ad7fa5e36ba27a16873941613ae6e52
SHA256

337be490c64d6bf931577dd90ea28277392a46ea541b61f1574dcd75aab02b0f
SHA512

52223bef10103e10d56b3054c67baf088f70b6a88c13ac525d79f11ff385680288d1184c89da92a7aa9c9bcbdf1f8eb23881df1e9a9c3439236f77809953e209

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.a-emeservice.com/m8ec/

Decoy

thomascraigwealth.com

melbournemedicalhealth.net

tdxcoin.com

lukassbprojects.net

aldemallc.com

moqawalat-kuwait.com

txcsco.com

jobcarepro.com

sedotwcmedanmurah.com

niconthenine.com

radliffrehab.com

infiniteechogroup.com

stellantis-luxury-rent.com

ibusehat.info

resellerauctions.com

softwarexprogrammers.com

bumpnlifestyle.com

mintmacher.com

partapprintercare.com

justrightinsurance.com

Targets

- Target
  
  BEF20201801.exe
- Size
  
  1.2MB
- MD5
  
  06e4d811d6a0234e3c4ef9eba38fd5a1
- SHA1
  
  bbbd38280ad7fa5e36ba27a16873941613ae6e52
- SHA256
  
  337be490c64d6bf931577dd90ea28277392a46ea541b61f1574dcd75aab02b0f
- SHA512
  
  52223bef10103e10d56b3054c67baf088f70b6a88c13ac525d79f11ff385680288d1184c89da92a7aa9c9bcbdf1f8eb23881df1e9a9c3439236f77809953e209
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2