formbook

General

Target

cc17df44b8e738bbe7614e5b0fbaf229.exe
Size

908KB
Sample

210121-vetzsw3p62
MD5

cc17df44b8e738bbe7614e5b0fbaf229
SHA1

0501119c5e52d771b127764f7fffb5f38c6c45b1
SHA256

b073ef66058998fc6ee7c61fb6eeaffe28a816f36dda995edcd1a6e893deedd3
SHA512

d0e61e958740521e2463989037236cd87579ffef430e9eca263c70dbcadc160c44a015b1dd3411c0240374aa6a1cf7b47946b775eebccc004a52c1aad3371bc8

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

- Target
  
  cc17df44b8e738bbe7614e5b0fbaf229.exe
- Size
  
  908KB
- MD5
  
  cc17df44b8e738bbe7614e5b0fbaf229
- SHA1
  
  0501119c5e52d771b127764f7fffb5f38c6c45b1
- SHA256
  
  b073ef66058998fc6ee7c61fb6eeaffe28a816f36dda995edcd1a6e893deedd3
- SHA512
  
  d0e61e958740521e2463989037236cd87579ffef430e9eca263c70dbcadc160c44a015b1dd3411c0240374aa6a1cf7b47946b775eebccc004a52c1aad3371bc8
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2