formbook

General

Target

3b8915f2201cd0d307fd89e6b0b453e9.exe
Size

351KB
Sample

210119-ypn5lm86me
MD5

3b8915f2201cd0d307fd89e6b0b453e9
SHA1

c911c32eafbeab116ce976b1fac6f6fa4f7c0997
SHA256

b9a286880c70bf7b6b049c8be7b7b14d8318b6c38d04185eced4bc48795330ff
SHA512

7e58a662c6b658c8d663797747a0ff1dbd94e8e59b7cc6a48352b3f50e53a33efd4c29c5ca737244647e4ad02e0f70dbdfa277f6782a1765b22c4a71e3cec4c3

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.inreachpt.com/gqx2/

Decoy

calusaptamiami.com

starlinkwebservices.com

lakeviewbarbershonola.com

oaklandraidersjerseyspop.com

ohiotechreport.com

eligetucafetera.com

tu4343.com

abstract-elearning.com

thebabylashes.com

athleteshive.com

fanninhomesforless.com

sembracna.com

servicesyn.com

bellairechoice.com

tmpaas.com

eyepaa.com

stickerzblvd.com

rentfs.com

nadya-shanab.com

microwgreens.net

Targets

- Target
  
  3b8915f2201cd0d307fd89e6b0b453e9.exe
- Size
  
  351KB
- MD5
  
  3b8915f2201cd0d307fd89e6b0b453e9
- SHA1
  
  c911c32eafbeab116ce976b1fac6f6fa4f7c0997
- SHA256
  
  b9a286880c70bf7b6b049c8be7b7b14d8318b6c38d04185eced4bc48795330ff
- SHA512
  
  7e58a662c6b658c8d663797747a0ff1dbd94e8e59b7cc6a48352b3f50e53a33efd4c29c5ca737244647e4ad02e0f70dbdfa277f6782a1765b22c4a71e3cec4c3
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2