formbook

General

Target

f0f1a843b50f76e7236cc32dedf1d65d.exe
Size

276KB
Sample

210119-qbvhks8rcs
MD5

f0f1a843b50f76e7236cc32dedf1d65d
SHA1

f84f30a93355d46bbdbebfedc760188879b6db0b
SHA256

3ed3126cfc3094e0f1a5736369cc55f68feb9bf6c9e31ba6e00e36f11917bc18
SHA512

f856db58b39aacbc858a248a7352ee20e63ac3a50966ebb9a95bcacad6221d98eff7a8f4024fae08badfc45396a7312a8bf70e69e5802777b7e34ef6e48342a2

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.douzhuan168.com/o8na/

Decoy

www1669099.com

digitalallserv.com

thiszzzwq.info

dallasoswalt.info

ladolcefesta.com

mariamalikially.com

origenbsas.com

antichoc.watch

tropicalbirdtoys.com

bbluedotvrwdbuy.com

racevx.xyz

ut-trustandwill.com

maximumhomeoffers.com

wrapname.com

hypelighystrip.com

oshoum2020.com

parkwestmi.com

themodumall.com

tempuslawnandsnow.com

dailypromo.xyz

Targets

- Target
  
  f0f1a843b50f76e7236cc32dedf1d65d.exe
- Size
  
  276KB
- MD5
  
  f0f1a843b50f76e7236cc32dedf1d65d
- SHA1
  
  f84f30a93355d46bbdbebfedc760188879b6db0b
- SHA256
  
  3ed3126cfc3094e0f1a5736369cc55f68feb9bf6c9e31ba6e00e36f11917bc18
- SHA512
  
  f856db58b39aacbc858a248a7352ee20e63ac3a50966ebb9a95bcacad6221d98eff7a8f4024fae08badfc45396a7312a8bf70e69e5802777b7e34ef6e48342a2
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2