formbook

General

Target

2d6580e78be6580bf89ed5e9e13f14e0.exe
Size

1.4MB
Sample

210119-pbgaqed4n2
MD5

2d6580e78be6580bf89ed5e9e13f14e0
SHA1

3f5153f7da3338d61164df6944b01a0666396517
SHA256

a38cbbb16b9dda3d7aebcdcd033a8f5e56f17257c060859a3cdd2e1a8bb27ab9
SHA512

c58a9f97990e255afd7b6f5538a95d132e0ad00d204b6f3de32e1d675a45d99397e098fe9515081d13eb9ba3491d8cea294f19c7392563212549fc8a739a37bb

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.inreachpt.com/gqx2/

Decoy

calusaptamiami.com

starlinkwebservices.com

lakeviewbarbershonola.com

oaklandraidersjerseyspop.com

ohiotechreport.com

eligetucafetera.com

tu4343.com

abstract-elearning.com

thebabylashes.com

athleteshive.com

fanninhomesforless.com

sembracna.com

servicesyn.com

bellairechoice.com

tmpaas.com

eyepaa.com

stickerzblvd.com

rentfs.com

nadya-shanab.com

microwgreens.net

Targets

- Target
  
  2d6580e78be6580bf89ed5e9e13f14e0.exe
- Size
  
  1.4MB
- MD5
  
  2d6580e78be6580bf89ed5e9e13f14e0
- SHA1
  
  3f5153f7da3338d61164df6944b01a0666396517
- SHA256
  
  a38cbbb16b9dda3d7aebcdcd033a8f5e56f17257c060859a3cdd2e1a8bb27ab9
- SHA512
  
  c58a9f97990e255afd7b6f5538a95d132e0ad00d204b6f3de32e1d675a45d99397e098fe9515081d13eb9ba3491d8cea294f19c7392563212549fc8a739a37bb
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2