formbook

General

Target

09657a01ff5462b3dde8ebe84aa420836aeaacfebc06cd840a5831d79e7470ec
Size

1.4MB
Sample

210120-alhk1751ys
MD5

90b32183f0e74bffe92861a7dbaba835
SHA1

326385606bc53fe088ff1e3c5ec7ce177c431d43
SHA256

09657a01ff5462b3dde8ebe84aa420836aeaacfebc06cd840a5831d79e7470ec
SHA512

5885b6d443b9379852a14d8add736b77bfad56ed2e4777b058fe9813e8c47186c52cb83f021ea01e2d0bb617175dfb38d16d0e8b0163930b0fbfc0b7cd46961c

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.vkreditoff.online/hvu9/

Decoy

infrapin.com

electrochimp.com

hometuitionteachers.com

cruelworldsupply.com

wesolvit.net

transferypilkarskie.com

nuovavoce.style

secundaria209emilianozapata.com

brewmastersbrigade.com

delraymessageandtherapy.com

trikeua.com

buildelectricwa.info

inspiredbylisamarie.com

keaidoo.com

cahmp.com

cockteesgolf.com

seachakravibe.store

timelesswritersgroup.com

kingdombest.net

metodologiamontessori.com

Targets

- Target
  
  09657a01ff5462b3dde8ebe84aa420836aeaacfebc06cd840a5831d79e7470ec
- Size
  
  1.4MB
- MD5
  
  90b32183f0e74bffe92861a7dbaba835
- SHA1
  
  326385606bc53fe088ff1e3c5ec7ce177c431d43
- SHA256
  
  09657a01ff5462b3dde8ebe84aa420836aeaacfebc06cd840a5831d79e7470ec
- SHA512
  
  5885b6d443b9379852a14d8add736b77bfad56ed2e4777b058fe9813e8c47186c52cb83f021ea01e2d0bb617175dfb38d16d0e8b0163930b0fbfc0b7cd46961c
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2