formbook

General

Target

dira2.exe
Size

914KB
Sample

210120-3zt81wmvc6
MD5

7f67485d2d0a280dce0e66d24fa97972
SHA1

508369a537e7db8b44505f2d2d55f57ddefad947
SHA256

1e0ffffac4a1077450af5cd08414d45c275605cdedd7a3138a863b96ea3624ab
SHA512

f614fc558d676510958a64dd2c83edd280dce713a28e3276b3d840f20b39a816e4175d5cd53e4830cf36c425cb3d2951f63e19b977d889c22b5a7a3a34b7e2f3

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

- Target
  
  dira2.exe
- Size
  
  914KB
- MD5
  
  7f67485d2d0a280dce0e66d24fa97972
- SHA1
  
  508369a537e7db8b44505f2d2d55f57ddefad947
- SHA256
  
  1e0ffffac4a1077450af5cd08414d45c275605cdedd7a3138a863b96ea3624ab
- SHA512
  
  f614fc558d676510958a64dd2c83edd280dce713a28e3276b3d840f20b39a816e4175d5cd53e4830cf36c425cb3d2951f63e19b977d889c22b5a7a3a34b7e2f3
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2