formbook

General

Target

Arrival Noticed.r15
Size

492KB
Sample

210910-ad71qahaa4
MD5

23cd532cfb2e10fa2d46694900a3d5cf
SHA1

67950fbdd5d0d25cdb9267050e66271fcdfe1f96
SHA256

c5d97d9216a033886d9c61e05fe0cae57451ca7b5d8c7b32ac5103cdb763acad
SHA512

299e0daa727b7f0d8b2824dddd5e8cb81f19b21086fd316d3a1480e34d28638ecb967d6f8d5bcc3f19fb2ebf465c58cca69249488926d9482d77a4db7fa86895

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

t75f

C2

http://www.vertexnailsblaine.com/t75f/

Decoy

onegolfsydney.com

kaizensportscoaching.com

mliacbjv.icu

rinstech.net

midas-parts.com

istmenian.com

ibrahimpike.com

herbspaces.com

gentleman4higher.com

workabusiness.com

isabusive.website

222555dy.com

lwhyzhzb.xyz

gabrielabravoillanes.com

hearthomelife.com

buildswealth.com

printitaz.com

l-mventures.com

baincot3.com

nstaq-labs.com

Targets

- Target
  
  B7hG4D8Jqvkw77U.exe
- Size
  
  701KB
- MD5
  
  59ddaf036f92887a34441505f84d8cc8
- SHA1
  
  85745689e2f889b94b37379393a97a7a87dfec8b
- SHA256
  
  34f75f8458b1f58bdb1e8ff1a46270f98c6d246d213413cd0c4a7708e15e82c9
- SHA512
  
  336d392772f6d65f203f246c462673c92a293b91f4afc226c9613a80444004f69ef18572854e5755b22602efebfe6a0ad167a12a97ba00922a0fc8aaa3d7b0e5
Score

10^/10

formbook xloader t75f loader persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2