formbook

General

Target

7195211e786ecd993b3c6a3176942d15.exe
Size

432KB
Sample

210119-jzqbf6gzzn
MD5

7195211e786ecd993b3c6a3176942d15
SHA1

b654f8e012d933e295b48d427d8939265d50a5e2
SHA256

5551c39b0838a38711babfe60b36dda8855791ce1512553858fbaff025d31122
SHA512

b784bce514162fa73dc1e3a9f63a6daaaac5037a636e0ab3645a1573cd5c1de1d71dbb7abed9a2ccfb50197c6d22f1102f547ae6bb87d765627ac84d53df47c2

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.inreachpt.com/gqx2/

Decoy

calusaptamiami.com

starlinkwebservices.com

lakeviewbarbershonola.com

oaklandraidersjerseyspop.com

ohiotechreport.com

eligetucafetera.com

tu4343.com

abstract-elearning.com

thebabylashes.com

athleteshive.com

fanninhomesforless.com

sembracna.com

servicesyn.com

bellairechoice.com

tmpaas.com

eyepaa.com

stickerzblvd.com

rentfs.com

nadya-shanab.com

microwgreens.net

Targets

- Target
  
  7195211e786ecd993b3c6a3176942d15.exe
- Size
  
  432KB
- MD5
  
  7195211e786ecd993b3c6a3176942d15
- SHA1
  
  b654f8e012d933e295b48d427d8939265d50a5e2
- SHA256
  
  5551c39b0838a38711babfe60b36dda8855791ce1512553858fbaff025d31122
- SHA512
  
  b784bce514162fa73dc1e3a9f63a6daaaac5037a636e0ab3645a1573cd5c1de1d71dbb7abed9a2ccfb50197c6d22f1102f547ae6bb87d765627ac84d53df47c2
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2