formbook

General

Target

9ffe2705a8dc9d3d60b856b9fb9c9501d12dc57b89eaa9f1cd0ae41adb9f234e.exe
Size

289KB
Sample

210226-qyt98me9v6
MD5

456dfe1f5220c97f904bd4704ea34956
SHA1

539cade9a33487696ec1b037c9e124af71a353e3
SHA256

9ffe2705a8dc9d3d60b856b9fb9c9501d12dc57b89eaa9f1cd0ae41adb9f234e
SHA512

817f7f4efb00c6e21e8f5f8e988ae25442e6035f1ba857edd283a53e5101d9d351467bd6d1a7913b3b78580bbe1176e0d51c4db689563102df33b1d67c892eda

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.torontotel.com/4qdc/

Decoy

mangpe.asia

mmstruckingllc.com

ascendingworship.com

gfeets.com

smartcbda.com

dreaminggrand.com

dohostar.com

farkindalik365.com

weareexpatwomen.com

gamereruns.com

rosesandframes.com

commagx4.info

tarpleymusic.info

szttskj.com

calatheahomeservices.com

qm7886.com

emunmous.com

deutschclub.com

39palmavenue.com

thepixxelgroup.com

Targets

- Target
  
  9ffe2705a8dc9d3d60b856b9fb9c9501d12dc57b89eaa9f1cd0ae41adb9f234e.exe
- Size
  
  289KB
- MD5
  
  456dfe1f5220c97f904bd4704ea34956
- SHA1
  
  539cade9a33487696ec1b037c9e124af71a353e3
- SHA256
  
  9ffe2705a8dc9d3d60b856b9fb9c9501d12dc57b89eaa9f1cd0ae41adb9f234e
- SHA512
  
  817f7f4efb00c6e21e8f5f8e988ae25442e6035f1ba857edd283a53e5101d9d351467bd6d1a7913b3b78580bbe1176e0d51c4db689563102df33b1d67c892eda
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2