formbook

General

Target

payment_doc.rar
Size

550KB
Sample

210119-xfxsl5d6ke
MD5

c3abbbcb8910ed7bdb17023d4a7dad9a
SHA1

0db061650dc7c52e97c436d60094d6b9a4632ee1
SHA256

752c933394c080ea667a1d098c603a7216c16cdfb2bae516d78a0aeb14543248
SHA512

588905a92f064cce31a0c53616660e095e3f361f0086c9b54f916af8f55d990a7767239f332e6ca36a85ea28d6b72b3336e1f5b3bef7579c5f73c2b8c421803c

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.bimtracks.com/e3eb/

Decoy

jrgsestates.com

xpress-supplies.com

manniramart.com

2800delaware.com

abeltobaygo.com

audiologiamallorca.com

motormaniaintl.com

millennialluxuryliving.com

wrightrealestates.com

servicesguide.online

ignitejob.com

overdoza.com

deliveringcarsanywhere.com

lojahellomundo.com

245245.xyz

ngdbusa.com

bandarnalo.network

microbekr.com

myflycodes.club

weatherstationpolinema2020.com

Targets

- Target
  
  payment _doc.exe
- Size
  
  884KB
- MD5
  
  d65c9fe128d2294055cc9b3238e67c07
- SHA1
  
  1495109fc0760f4becd195b790206a0fc00b89ce
- SHA256
  
  ad03ca16b05c593894d3cf90ea6ebe56f3ce6dc94dc0675234f357893f3aadfa
- SHA512
  
  60b9fb9c9d159dac7d9a486ebf7dba7387ac45ab184857a0721d59e2a78dc4a4e074b80126d912d4a00351345f564e283ef2bf7630c437147d398a52b4f9fb21
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2