formbook | 3a220e6bff537b270991d1bb49e530c7279fb643f8a9b5998bbefae6140a19f4 | Triage

Sharing

General

Target

Doc_3957495686846574893974939464936488463936484,pdf.exe
Size

77KB
Sample

210226-263yw9x3ge
MD5

1662b1ff6de1371a09ecabb5a2c14905
SHA1

5a9353c5b8b1e1b19b7879cd483c9f715237c478
SHA256

3a220e6bff537b270991d1bb49e530c7279fb643f8a9b5998bbefae6140a19f4
SHA512

ae20025d79fbfbf85bceeaca71fcd170966eaa71761dffc4d96405311e314f44b4f6d5573747b6923da0477c0a2ba1ecd95c14e917aa9408c157c6964fd3b68f

Score

10^/10

formbook xloader evasion loader rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

C2

http://www.aubonmarcheduparc.com/rina/

Decoy

syndicauto.net

techvorx.com

palletrackingvancouver.com

pricetrackerindia.com

photocravings.com

jenniferlwilsonrn.com

cartucce-toner.com

fred-auto-sport.com

aletheajean.com

beautyhacks.website

seoalmaguer.com

cursoencasa.net

flex-eg.com

dygdreams.com

magnoliadawson.com

whitehouseeffectband.com

visualtrigger.art

kalinahybridseeds.com

glacesnamur.com

drbordogna.com

Targets

- Target
  
  Doc_3957495686846574893974939464936488463936484,pdf.exe
- Size
  
  77KB
- MD5
  
  1662b1ff6de1371a09ecabb5a2c14905
- SHA1
  
  5a9353c5b8b1e1b19b7879cd483c9f715237c478
- SHA256
  
  3a220e6bff537b270991d1bb49e530c7279fb643f8a9b5998bbefae6140a19f4
- SHA512
  
  ae20025d79fbfbf85bceeaca71fcd170966eaa71761dffc4d96405311e314f44b4f6d5573747b6923da0477c0a2ba1ecd95c14e917aa9408c157c6964fd3b68f
Score

10^/10

formbook xloader evasion loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderevasionloaderratspywarestealertrojan

behavioral2

formbookxloaderevasionloaderratspywarestealertrojan