formbook

General

Target

scm928192.rar
Size

202KB
Sample

210226-52ykymnq6a
MD5

a76a7a9f3c6900a31f0b7b54979cce76
SHA1

6ac6e07b9d620b542e599b53874934c62d673c28
SHA256

2f954a9ae45e4a7a0a1131f5ca55cd20da04b1416276897377e9490c428f691a
SHA512

e8ac6479026a005cfa49d78f1112bd280f897f910bb059a4fc879766c88036a8ba7074fc71da0f4cf71e41b07869b6eb31468f0e6c3ce14f698e6e0fe96aeb1c

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.dopiel.com/s0ps/

Decoy

vexura.com

xnl.xyz

lumpen.party

ourdatajourney.com

globalprofessionalsummit.com

wellnesspasssite.com

lafronteraradio.com

voterchallengeva.com

campanatv.com

militarychiro.com

cowbex.info

mosquitosolutionsalpha.com

healthykala.com

xmsealite.com

xn--ock1cjz.com

advocate-quota.com

karecfo.com

vettedwealthmanagement.com

everlein.com

lashundaclaiborn.com

Targets

- Target
  
  scm928192.exe
- Size
  
  237KB
- MD5
  
  ea2aaf3a9a00cab64376035e9291c7cc
- SHA1
  
  28683f918a9c4195ff93ca2027642949444770c0
- SHA256
  
  7bd662ff22dd43bb8e23046925d83ae5125824776c6b4209cc50417205c91e6c
- SHA512
  
  aa50e615fb57b3ce1963b8cbdf1b561c15f72bef210e4f80e4854a98ecd4915c32636b139637c0d36b4b00e1cfbdd57418b5e2891916fb1ccc2d5ba167b4ca1d
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2