formbook

General

Target

f5G3iGDs25iJjZE.exe
Size

1.1MB
Sample

220322-keqg6segf3
MD5

33899614b3fe24bc02dfb4c1f84dabdc
SHA1

8dbc988c06f51cce14e4cc95717241fb1521fac6
SHA256

b36891ab4a7fa6be1680a65614dd5551a3fa8a89052c381a954601eedd82e62c
SHA512

30058e2e8d6da6b5e0db01cdab70cfb9af8bfb93aed69a009cdba0f1be4c9b805472a531a5abd4dc56f46349ff43a6ce797e98123898719a38e5329920aac5ad

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wdc8

Decoy

mygotomaid.com

joyoushealthandwellnessspa.com

wefundprojects.com

magicbasketbourse.net

vitos3.xyz

oligopoly.city

beauty-bihada.asia

visitnewrichmond.com

crgeniusworld.biz

bantasis.com

transsexual.pro

casagraph.com

eastjamrecords.com

howtotrainyourmustache.com

heiappropriate.xyz

bataperu.com

ces341.com

prajahitha.com

manuelagattegger.com

wolfpackmotorcycletours.com

Targets

- Target
  
  f5G3iGDs25iJjZE.exe
- Size
  
  1.1MB
- MD5
  
  33899614b3fe24bc02dfb4c1f84dabdc
- SHA1
  
  8dbc988c06f51cce14e4cc95717241fb1521fac6
- SHA256
  
  b36891ab4a7fa6be1680a65614dd5551a3fa8a89052c381a954601eedd82e62c
- SHA512
  
  30058e2e8d6da6b5e0db01cdab70cfb9af8bfb93aed69a009cdba0f1be4c9b805472a531a5abd4dc56f46349ff43a6ce797e98123898719a38e5329920aac5ad
Score

10^/10

xloader wdc8 loader rat formbook persistence spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Executes dropped EXE

Reads user/profile data of web browsers

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2