formbook | 136adc85cb6e108bb2b15af54afdce83ee2affad76c0a669c7c8e9ff10dc86aa | Triage

Sharing

General

Target

REMITTANCE ADVICE [REF0000360261]_PDF.xlsx
Size

2.3MB
Sample

210120-hp3wadfjya
MD5

43b96385258acf475e9bcfa298296114
SHA1

94a26c83395d7e51fd9e8d5b5842708d96b4b9df
SHA256

136adc85cb6e108bb2b15af54afdce83ee2affad76c0a669c7c8e9ff10dc86aa
SHA512

53087749e9b6eda791a66e1ceea94ed5375ab816b839ef0460c37be4e16a98d86e2452853862d727a340096855a89d3b17d8dc5ccc2482f5fadae363006c7b47

Score

10^/10

formbook xloader loader rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.vkreditoff.online/hvu9/

Decoy

infrapin.com

electrochimp.com

hometuitionteachers.com

cruelworldsupply.com

wesolvit.net

transferypilkarskie.com

nuovavoce.style

secundaria209emilianozapata.com

brewmastersbrigade.com

delraymessageandtherapy.com

trikeua.com

buildelectricwa.info

inspiredbylisamarie.com

keaidoo.com

cahmp.com

cockteesgolf.com

seachakravibe.store

timelesswritersgroup.com

kingdombest.net

metodologiamontessori.com

Targets

- Target
  
  REMITTANCE ADVICE [REF0000360261]_PDF.xlsx
- Size
  
  2.3MB
- MD5
  
  43b96385258acf475e9bcfa298296114
- SHA1
  
  94a26c83395d7e51fd9e8d5b5842708d96b4b9df
- SHA256
  
  136adc85cb6e108bb2b15af54afdce83ee2affad76c0a669c7c8e9ff10dc86aa
- SHA512
  
  53087749e9b6eda791a66e1ceea94ed5375ab816b839ef0460c37be4e16a98d86e2452853862d727a340096855a89d3b17d8dc5ccc2482f5fadae363006c7b47
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookxloaderloaderratspywarestealertrojan

behavioral2