formbook | d78c836b04c545ba988741e695408016f8ec243f4eab09893b5b1b790bd62067 | Triage

Submit
Reports

Overview

overview

Static

static

1

bank swift......exe

windows7_x64

bank swift......exe

windows10_x64

Resubmissions

27-09-2021 04:46

210927-fd5s9affen 10

17-09-2021 00:03

210917-ab8t8shcgp 10

Sharing

General

Target

bank swift scan pdf....daa
Size

254KB
Sample

210927-fd5s9affen
MD5

e80f93039db4d384585f617edd6c0ad9
SHA1

313e4837fc987ab9bfc94c097b9e1cb8cdf2bbd0
SHA256

d78c836b04c545ba988741e695408016f8ec243f4eab09893b5b1b790bd62067
SHA512

6209e3391cdd7e0d03f603291e582d7e8f9b509ef4d07a255b112965dae6eec737a8e4cbc894d0ecfb8df6669a623f32337eb7b63134d188605c8a6ed7ade986

Score

10^/10

formbook xloader di4c loader persistence rat spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

bank swift scan pdf....exe

Resource

win7v20210408

formbook xloader di4c loader persistence rat spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bank swift scan pdf....exe

Resource

win10-en-20210920

xloader di4c loader persistence rat spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

di4c

C2

http://www.dropadsmedia.com/di4c/

Decoy

oscd.store

simplyminiatures.com

famouslovebackbaba.com

turkesteronesupplement.com

most-attractive.com

le-thermoplongeur.com

joydeb.xyz

incomepanther.com

infoterkiinii.xyz

indigocard.website

plasthecnolgy.com

canmamap.com

aviationtrainingworldusa.com

successoffplan.com

desert-breeze.com

nilavarna.com

stanthonyswelfare.com

shezefy.com

shcq08.xyz

spencerpauley.com

breakfastatbrittanys.com

workspace-mex.com

litteratorum.com

illstitute.com

framed-speed.com

buyandsellwithalec.com

xwdnawbx.xyz

mickyyoung.com

bandiu.xyz

planft.store

imaginalworks.com

lid-gb.xyz

ahgongs.com

carrirbuilder.com

neuro-ai-web-online.club

booparade.com

sketchfujitah.online

bayboatnation.com

ink2words.com

modernsolarusa.com

camuci.com

dentonlifetimedentistry.com

1ajpwvkk.icu

hangcheng56.com

suvenifa.com

spacetech-sa.com

emotionevents.xyz

momskitchenassam.com

imyandme.com

premiercattledrenches.com

procard.one

quiestcevin.com

blastofftv.xyz

live2leadinfo.com

jaalifetrx.space

weste-store.store

liquidmelon.restaurant

gjz863.icu

prince-info.com

islandsingle.com

shelazofficial.com

awhjguduahjfsd.com

notariuspublicus24.com

navneetsharma.xyz

Targets

- Target
  
  bank swift scan pdf....exe
- Size
  
  323KB
- MD5
  
  6308a0ee4b50deb37f6f6a6205d5b2d6
- SHA1
  
  0a0f239995f1be45263bc2c96440cfd3dd751cc9
- SHA256
  
  f3296e298b22250cb64e01c5e737c924410ea4489867b61758a5e0906f3d1161
- SHA512
  
  96dc213ec553ac61eeda230e74515443f9a7d708f73a6bfa4bf02b33ef7519a41f584ceb6c1db903dd8e0237444f19d33c0e513f785fbfeb5c0a822c2f3d78cc
Score

10^/10

formbook xloader di4c loader persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderdi4cloaderpersistenceratspywarestealersuricatatrojan

behavioral2

xloaderdi4cloaderpersistenceratspywarestealersuricata

© 2018-2024

Terms | Privacy