formbook | 08a0ab3c46df8c30ed29ab0ab4d5cc733c421cbff42490788a34f5aba13bb37b | Triage

Submit
Reports

Overview

overview

Static

static

PAYMENTADVICE.xlsx

windows7_x64

PAYMENTADVICE.xlsx

windows10_x64

1

Sharing

General

Target

PAYMENTADVICE.xlsx
Size

2.3MB
Sample

210226-tfp4hg4kh2
MD5

6a665d2ebffb301cd53b051cf04337b3
SHA1

74b35d94beacfe37f41cc6891e7ddc96a442c0bd
SHA256

08a0ab3c46df8c30ed29ab0ab4d5cc733c421cbff42490788a34f5aba13bb37b
SHA512

8b19d0ffa2315b8ff74eece86ab92bc417523867291589700cf086f6a3aa0199e119fcd55a04d05e007a15bdfaceeeab6a31c1906d7bd8ca37c50fdcaea6ecae

Score

10^/10

formbook xloader loader rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PAYMENTADVICE.xlsx

Resource

win7v20201028

formbook xloader loader rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PAYMENTADVICE.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.torontotel.com/4qdc/

Decoy

mangpe.asia

mmstruckingllc.com

ascendingworship.com

gfeets.com

smartcbda.com

dreaminggrand.com

dohostar.com

farkindalik365.com

weareexpatwomen.com

gamereruns.com

rosesandframes.com

commagx4.info

tarpleymusic.info

szttskj.com

calatheahomeservices.com

qm7886.com

emunmous.com

deutschclub.com

39palmavenue.com

thepixxelgroup.com

buildassetswealth.com

oscarandmarina.com

zingoworks.space

edgewooddhr.net

earth-emily.com

belanjagratis.com

sandrapidal.com

btvstudios.com

aberdareroyalcottages.com

officialgiftclub.com

kerdbooks.com

havemercyinc.net

sunsitek.com

larek.store

radioapostolicadigital.com

xcuswaeheje.com

ndk168.com

pcareinc.com

beconfidentagain.com

codejunkys.com

constancescot.com

inbarrel.com

thepurepharmacy.com

finoblog.com

orderbbqculinary.com

bgshtswp.com

hezhengnet.com

clerolaustrie.com

speedysnacksbox.com

amazonia.coffee

mnkmultiservicios.com

antips.com

powerofphoto.com

trackyourvote.com

equiposddl.com

mintmobikeplus.com

grn-shop.com

fabslab.coffee

musicindustrymag.com

cyprusdivingcenters.com

sunsilify.com

rehabcareconnect.com

kingscarehospital.com

pompomlearning.com

Targets

- Target
  
  PAYMENTADVICE.xlsx
- Size
  
  2.3MB
- MD5
  
  6a665d2ebffb301cd53b051cf04337b3
- SHA1
  
  74b35d94beacfe37f41cc6891e7ddc96a442c0bd
- SHA256
  
  08a0ab3c46df8c30ed29ab0ab4d5cc733c421cbff42490788a34f5aba13bb37b
- SHA512
  
  8b19d0ffa2315b8ff74eece86ab92bc417523867291589700cf086f6a3aa0199e119fcd55a04d05e007a15bdfaceeeab6a31c1906d7bd8ca37c50fdcaea6ecae
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderloaderratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy