formbook

General

Target

RAQ11986.exe
Size

361KB
Sample

210226-vtnjgdplcj
MD5

725cb0465119c2d5cc1412e3d555ad04
SHA1

d6623ecd4f819c1597392fe423d41be071a000e1
SHA256

b32d120bf6320cf1d2d2223ad2a797eb0c20efceb12bd0655642387452ef3b6e
SHA512

4b9c8d288433d18be705099752bff38020c99b5496ce66e0a2cfeb99195840c9911f9b871620abb6219a873f05c2efb4b11507db6be386ba0639e545e3d53ae6

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.wissinkadams.com/iae2/

Decoy

mainstreetswimschool.com

nhadat9chu.com

guidedcommercialloan.com

quandd.site

smittysfrontlinecarriers.com

hmas-vibrant.com

pakunok.net

jiffihosting.com

shopping-container.com

quartiercreole.net

weebflix.com

gringomexico.com

whathappensnextin6minutes.com

patchealth.com

exclusivelymarissa.com

my-glp.com

trgtbk.com

sagefemmecaluire.com

fetaldiagnosislaboratorios.com

aniversariocom-presente12.com

Targets

- Target
  
  RAQ11986.exe
- Size
  
  361KB
- MD5
  
  725cb0465119c2d5cc1412e3d555ad04
- SHA1
  
  d6623ecd4f819c1597392fe423d41be071a000e1
- SHA256
  
  b32d120bf6320cf1d2d2223ad2a797eb0c20efceb12bd0655642387452ef3b6e
- SHA512
  
  4b9c8d288433d18be705099752bff38020c99b5496ce66e0a2cfeb99195840c9911f9b871620abb6219a873f05c2efb4b11507db6be386ba0639e545e3d53ae6
Score

10^/10

formbook xloader loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Beds Protector Packer

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2