formbook

General

Target

9d706a2b53e06d2d9a6fbada380f26e0.exe
Size

948KB
Sample

210120-jf41dkc3yn
MD5

9d706a2b53e06d2d9a6fbada380f26e0
SHA1

0c2e3a69d72ae7f4a95dfa23b90857a59c4383a6
SHA256

27196c6c79c8cdb02b4ee6b1028ec11aa38bbeea6d94d956a22ab1228c65b733
SHA512

5b9b07d6b737edb9125bafc2ce25e583a4a38e3a39fd7e8fc91474e79bbaddb41a796df6d181b0842b9e7ab961d9ee790f6c71d6606346218b9f6308007df853

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

- Target
  
  9d706a2b53e06d2d9a6fbada380f26e0.exe
- Size
  
  948KB
- MD5
  
  9d706a2b53e06d2d9a6fbada380f26e0
- SHA1
  
  0c2e3a69d72ae7f4a95dfa23b90857a59c4383a6
- SHA256
  
  27196c6c79c8cdb02b4ee6b1028ec11aa38bbeea6d94d956a22ab1228c65b733
- SHA512
  
  5b9b07d6b737edb9125bafc2ce25e583a4a38e3a39fd7e8fc91474e79bbaddb41a796df6d181b0842b9e7ab961d9ee790f6c71d6606346218b9f6308007df853
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2