formbook

General

Target

19e644c41fd27209fe912177c9abe3aa.exe
Size

1.4MB
Sample

210120-9lnnvq48pa
MD5

19e644c41fd27209fe912177c9abe3aa
SHA1

fe90bff2ec815928f3e6bf9ee10e714eb81b0179
SHA256

79a5735a233925fa0fbbae9a0d38411de1d697dd5bbed65970c94bdf2be1a16a
SHA512

b73bbad3acb057b70eeda9630ad6927b2b13519bc8b4a09dca76b3c41163da0467f6ce49c2cda2534417bbd4a3f196c6c0c2ee6e6e91b9e827a8e48d66fe20ab

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.learnhour.net/eaud/

Decoy

modshiro.com

mademarketingoss.com

austinjourls.info

wayupteam.com

crossingfinger.com

interseptors.com

gigashit.com

livetigo.com

halamankuningindonesia.com

windhammills.com

aylinahmet.com

mbacexonan.website

shopboxbarcelona.com

youyeslive.com

coonlinesportsbooks.com

guorunme.com

putlocker2.site

pencueaidnetwork.com

likevector.com

vulcanudachi-proclub.com

Targets

- Target
  
  19e644c41fd27209fe912177c9abe3aa.exe
- Size
  
  1.4MB
- MD5
  
  19e644c41fd27209fe912177c9abe3aa
- SHA1
  
  fe90bff2ec815928f3e6bf9ee10e714eb81b0179
- SHA256
  
  79a5735a233925fa0fbbae9a0d38411de1d697dd5bbed65970c94bdf2be1a16a
- SHA512
  
  b73bbad3acb057b70eeda9630ad6927b2b13519bc8b4a09dca76b3c41163da0467f6ce49c2cda2534417bbd4a3f196c6c0c2ee6e6e91b9e827a8e48d66fe20ab
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2