formbook

General

Target

a7bc5a4d585adbe52ba261b7d93a9035.exe
Size

1015KB
Sample

210121-7412tt85rj
MD5

a7bc5a4d585adbe52ba261b7d93a9035
SHA1

cdb44af2a4740940c395f77bab7c53d7c25f5c0f
SHA256

d33af7d89d11e3319210f655787f74b8118e0e8804b85d718e659ead5db3ff1d
SHA512

6e2696172260a5703fbb00b353bad6c9673a881a461ae5c92ab071076d17439a20608146b907b83915e2c20f7fd0c32144bb5c775ea28164fb295333159ce0ab

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.stonescapes1.com/de92/

Decoy

zindaginews.com

tyelevator.com

schustermaninterests.com

algemixdelchef.com

doubscollectivites.com

e-butchery.com

hellbentmask.com

jumbpprivacy.com

teeniestiedye.com

playfulartwork.com

desertvacahs.com

w5470-hed.net

nepalearningpods.com

smoothandsleek.com

thecannaglow.com

torrentkittyla.com

industrytoyou.com

raquelvargas.net

rlc-nc.net

cryptoprises.com

Targets

- Target
  
  a7bc5a4d585adbe52ba261b7d93a9035.exe
- Size
  
  1015KB
- MD5
  
  a7bc5a4d585adbe52ba261b7d93a9035
- SHA1
  
  cdb44af2a4740940c395f77bab7c53d7c25f5c0f
- SHA256
  
  d33af7d89d11e3319210f655787f74b8118e0e8804b85d718e659ead5db3ff1d
- SHA512
  
  6e2696172260a5703fbb00b353bad6c9673a881a461ae5c92ab071076d17439a20608146b907b83915e2c20f7fd0c32144bb5c775ea28164fb295333159ce0ab
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2