formbook

General

Target

Bank details.exe
Size

887KB
Sample

210119-yml1ry8p8x
MD5

3eec66e80f478d2730d7e128d393460d
SHA1

b86c0705c6b9cf3101f7d5fa17d094ec7cb3d3da
SHA256

6acec5800bb6a457e47029754e9eb7d6bf405ff56ea9f074741dabfdac141c18
SHA512

5a9425722539d2053b39962ee2b6f3df61c896946664638b180723979a6b024f8c3d5c7d48dcba5eb00bc93f1498744919f9d1790662e851c9bfd3f45905cdfa

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.lensinlens.com/ehxh/

Decoy

financialaccompany.com

face2bouk.com

blazedisinfecting.com

providaconsultinggroup.com

distriautosdelpacifico.com

myaduhelm.com

thangmaygiatot.com

nuevasantatecla.com

endpedophiles.com

alwanps.com

anzi-studio.com

twoswinginghammers.com

curbedinc.com

purecleantn.com

4levelsplit.com

talklinecall.com

egypte-vakanties.com

xzntfwof.icu

sosyoclassic.com

adjoalearningacademy.com

Targets

- Target
  
  Bank details.exe
- Size
  
  887KB
- MD5
  
  3eec66e80f478d2730d7e128d393460d
- SHA1
  
  b86c0705c6b9cf3101f7d5fa17d094ec7cb3d3da
- SHA256
  
  6acec5800bb6a457e47029754e9eb7d6bf405ff56ea9f074741dabfdac141c18
- SHA512
  
  5a9425722539d2053b39962ee2b6f3df61c896946664638b180723979a6b024f8c3d5c7d48dcba5eb00bc93f1498744919f9d1790662e851c9bfd3f45905cdfa
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2