formbook | 04565d469f7088f9fb122dd3b42274a84bdc1650156a815420381ef770e4373e | Triage

Submit
Reports

Overview

overview

Static

static

RFQ ORDER LIST.xlsx

windows7_x64

RFQ ORDER LIST.xlsx

windows10_x64

1

Sharing

General

Target

RFQ ORDER LIST.xlsx
Size

2.4MB
Sample

210119-k2h4g31lrs
MD5

7046895bf66247768d0ea01820e10bd7
SHA1

6a8dd66b8cb3a4abff011d80c2ce92cae5376a76
SHA256

04565d469f7088f9fb122dd3b42274a84bdc1650156a815420381ef770e4373e
SHA512

9ee04cae283b8f5edc7cfd14afe82f62266db71c8a1d8ce131b90b1832b17f02ba624caac95e1148b6b5265dcbd76e3130d90c238152adae5efb435ad49010a2

Score

10^/10

formbook xloader loader rat spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

RFQ ORDER LIST.xlsx

Resource

win7v20201028

formbook xloader loader rat spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ ORDER LIST.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.hitchhikerfab.com/qjnt/

Decoy

silverlakesfootball.com

drivebymovie.com

precisedirections.com

xn--01-mlcpq1abi.xn--p1acf

landhubturkey.com

andronomicon.com

kindlyhomecare.com

tyequip.com

planfra.com

wy1197.com

blackcatbaker.com

ddhhynjy.com

sales-altigen.com

valerielimozin.com

walmamall.com

quishkambalito.com

gnbsuvm.icu

milanostorear.com

olympiaopen.com

zradydlyazhinok-ua.com

chileenswijnhuis.online

squeegeedollarclub.com

ecritech.media

jugosdelsol.com

gamersgangbd.com

globalineducation.com

newenglandredsox.com

ajackson-design.com

blupointer.com

plantfulllife.com

bebes-fertiles.com

hoqueivilasana.com

evsucks.com

ggate.club

goldiewilson.com

jtdelastomer.com

hwhrc.com

safehomeseller.com

d2clip.com

856380770.xyz

peorig.club

magnificosocial.com

masterm77.com

jejucash.com

ciancor.com

primeoneimplants.com

xn--9t4bi03a.com

vietlangcenter.com

nickelindonesia.com

crcindustrialmx.com

jswproductionsllc.com

igxadnm.icu

formationbd.net

shdajiao.com

kitamura-clinic-seta.com

racevx.xyz

xingyedk.com

misteri365.net

agedeve.com

kutuluoyun.net

yrzx61.com

6s7f8mr8yk7ji.net

sumrajuniksure.com

everlastingnewyork.com

Targets

- Target
  
  RFQ ORDER LIST.xlsx
- Size
  
  2.4MB
- MD5
  
  7046895bf66247768d0ea01820e10bd7
- SHA1
  
  6a8dd66b8cb3a4abff011d80c2ce92cae5376a76
- SHA256
  
  04565d469f7088f9fb122dd3b42274a84bdc1650156a815420381ef770e4373e
- SHA512
  
  9ee04cae283b8f5edc7cfd14afe82f62266db71c8a1d8ce131b90b1832b17f02ba624caac95e1148b6b5265dcbd76e3130d90c238152adae5efb435ad49010a2
Score

10^/10

formbook xloader loader rat spyware stealer trojan upx
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderloaderratspywarestealertrojanupx

behavioral2

© 2018-2024

Terms | Privacy