formbook

General

Target

SecuriteInfo.com.Trojan.PWS.Stealer.29819.13214.25469
Size

297KB
Sample

210121-ppd4fgdzzj
MD5

2d435a73a52785b8912a447e4e205e50
SHA1

082edf778cbf0a7af0994d2a0b7d397b6a820f33
SHA256

1d87d74fe3b493880a672905108416227b6a2996eae2da3d8226cf65ae8ade26
SHA512

288063c4fe25cba62a24a9cb074c0362fd137a54f378e18eb537569750f3c7c26bd1a6343ca95ab805e02cc6b789e3d5b8ecc6e3f877eecfb4fda8c5a89aa7be

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.chuanxingtong.com/j5an/

Decoy

xwwgj.com

release-paypal.com

investorshighway.com

maglex.info

chenangopistolpermit.com

thebihareye.com

sanjosemasks.com

foremanmotors.com

stadtstreicherin.com

9247pf.com

erenvincplatform.xyz

cushcaps.com

flatisteam.com

kojyouibennto.com

rahmatsuparman.com

vallyfades.online

metropitstop.com

shopasha.com

windycitycreditsolutions.com

uproxysite.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.PWS.Stealer.29819.13214.25469
- Size
  
  297KB
- MD5
  
  2d435a73a52785b8912a447e4e205e50
- SHA1
  
  082edf778cbf0a7af0994d2a0b7d397b6a820f33
- SHA256
  
  1d87d74fe3b493880a672905108416227b6a2996eae2da3d8226cf65ae8ade26
- SHA512
  
  288063c4fe25cba62a24a9cb074c0362fd137a54f378e18eb537569750f3c7c26bd1a6343ca95ab805e02cc6b789e3d5b8ecc6e3f877eecfb4fda8c5a89aa7be
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2