formbook

General

Target

tmp
Size

270KB
Sample

220705-pgzk3shafm
MD5

40292541a586f5c7e2af4f0b5efde77c
SHA1

4fc8c817e38575a5427fdd2741abf20fc9fb3365
SHA256

0dbc37565a20d8e5d40c4c554a194719291bc91ab86db587337b580106f41cb8
SHA512

ceb7888d6a1a94f898f9fb3e44db01574256e59e7690238384fcc853b55553089d2fbf221b179b5cf4baaa54bc6f58ad3db3b36dc747170d10209f4fa4339091

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uajq

Decoy

pixeldoughnut.com

amadeushosting.com

sitecindustrial.com

orsaigroup.com

jmuse-dev.com

angelobreviario.com

storesafe.xyz

40veryoung.com

65228267.com

xmpanshi.com

luxorscbd.com

saoirsia.com

akwadcom.com

spreast.com

net-empresa12pcs.com

avlaoge1.com

projectmuellerllc.com

hvelv.com

a2bproject.com

myhome-huahin.com

Targets

- Target
  
  tmp
- Size
  
  270KB
- MD5
  
  40292541a586f5c7e2af4f0b5efde77c
- SHA1
  
  4fc8c817e38575a5427fdd2741abf20fc9fb3365
- SHA256
  
  0dbc37565a20d8e5d40c4c554a194719291bc91ab86db587337b580106f41cb8
- SHA512
  
  ceb7888d6a1a94f898f9fb3e44db01574256e59e7690238384fcc853b55553089d2fbf221b179b5cf4baaa54bc6f58ad3db3b36dc747170d10209f4fa4339091
Score

10^/10

formbook xloader uajq loader persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2