formbook

General

Target

3a9e68325d16c69df66db1b81f666601.exe
Size

1010KB
Sample

210121-pm9pjanwds
MD5

3a9e68325d16c69df66db1b81f666601
SHA1

21a067ed90eb91cb58466b00d379812823aab451
SHA256

82809ddcfce7489cd7b3c92abf7a4f8d4cc3a0b7b98f03712b7828c24d823b80
SHA512

c724a00a837b25ba95eeeb6980340fc4374f3c2f82dce00f0e18599a2e51cf2d72deb80310e79f070888699762c2a1e972fae53fafed8b818262f75e438f4dba

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.classifoods.com/oean/

Decoy

keboate.club

whitehatiq.com

loimtech.com

icaroagencia.com

snigglez.com

noreservationsxpress.com

villacascabel.com

5037adairway.com

growingequity.fund

stafffully.com

bingent.info

tmssaleguarantee.com

neonatalfeedrates.com

george-beauty.com

oraghallaighjourney.net

zunutrition.com

sylkysmooveentertainment.com

ddmns6tzey2d.com

dvcstay.com

304shaughnessygreen.info

Targets

- Target
  
  3a9e68325d16c69df66db1b81f666601.exe
- Size
  
  1010KB
- MD5
  
  3a9e68325d16c69df66db1b81f666601
- SHA1
  
  21a067ed90eb91cb58466b00d379812823aab451
- SHA256
  
  82809ddcfce7489cd7b3c92abf7a4f8d4cc3a0b7b98f03712b7828c24d823b80
- SHA512
  
  c724a00a837b25ba95eeeb6980340fc4374f3c2f82dce00f0e18599a2e51cf2d72deb80310e79f070888699762c2a1e972fae53fafed8b818262f75e438f4dba
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2