formbook

General

Target

Musterkatalog 2022.pdf.exe
Size

441KB
Sample

220916-p8m2csfha3
MD5

f05688143f41772720ace022f048373a
SHA1

a31f1b5d3dc4de99622a0bd8d31b6e88f2c34cea
SHA256

b7097860f2bbfcff38f49c8fb3b9e55c4dcc339202a3ab3b141f0fd13eab2b86
SHA512

454c8ac0177246292b0f8fb3d07cb9244b2c3f1ef5acb4ff9833120371a20b0cacc92218d74ba58a75c9f76482e0bddae0a4e7d4c3e36bf4396148b65c3f4544
SSDEEP

6144:tpznbUTNWFObvPYU0UwBPnLrKx72+WQrIKPRFCabWsLK4KieG:t9DFcvB0UuPnLr672+WQrFCabWsLKFK

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

dwdp

Decoy

jPxWFTS1Rn/K/LD47WRRW7+Veuct8yc=

ke1Wv1l26dZZxDikX9dU3s6k8+w=

+vtNyVBkx8VMf5KCaIj8DYR5QyLJgQ==

GHXPhYzwXcKgZwqBb/kejm7rfobj

yalW64iE8+aXs70=

MD83dBR0KSF4fizgRhAM

Xti3uNm2JDWgssPgRhAM

X7gYbv5uJhpvjdI0Qg==

ydxGznbNJ3tCCLAX4arq4nweMuQ=

Ca+fvtST8OBbosPgRhAM

kG1QegD8mU/E/hLw1t0=

g9FFFjEC5C2IvR/BhbSrpw==

PCkpeg38W0aPdg1rav1DFnVASw==

vSq+xBf3qjY27H3yqepK+g+nOmOMc3m7

G7WYirSZS9EYob8=

WbEWaOVIAPlSNNc4LsfL53weMuQ=

hnyAvEY4n3rTKS4g5mHKxR0=

JN7b0uCqVrQydMl7JNw=

XTki/RASDK6BCW0q8sU=

DQMBWA9wJyOKqqGSmGHKxR0=

Extracted

Family

xloader

Version

3.8

Campaign

dwdp

Decoy

jPxWFTS1Rn/K/LD47WRRW7+Veuct8yc=

ke1Wv1l26dZZxDikX9dU3s6k8+w=

+vtNyVBkx8VMf5KCaIj8DYR5QyLJgQ==

GHXPhYzwXcKgZwqBb/kejm7rfobj

yalW64iE8+aXs70=

MD83dBR0KSF4fizgRhAM

Xti3uNm2JDWgssPgRhAM

X7gYbv5uJhpvjdI0Qg==

ydxGznbNJ3tCCLAX4arq4nweMuQ=

Ca+fvtST8OBbosPgRhAM

kG1QegD8mU/E/hLw1t0=

g9FFFjEC5C2IvR/BhbSrpw==

PCkpeg38W0aPdg1rav1DFnVASw==

vSq+xBf3qjY27H3yqepK+g+nOmOMc3m7

G7WYirSZS9EYob8=

WbEWaOVIAPlSNNc4LsfL53weMuQ=

hnyAvEY4n3rTKS4g5mHKxR0=

JN7b0uCqVrQydMl7JNw=

XTki/RASDK6BCW0q8sU=

DQMBWA9wJyOKqqGSmGHKxR0=

Targets

- Target
  
  Musterkatalog 2022.pdf.exe
- Size
  
  441KB
- MD5
  
  f05688143f41772720ace022f048373a
- SHA1
  
  a31f1b5d3dc4de99622a0bd8d31b6e88f2c34cea
- SHA256
  
  b7097860f2bbfcff38f49c8fb3b9e55c4dcc339202a3ab3b141f0fd13eab2b86
- SHA512
  
  454c8ac0177246292b0f8fb3d07cb9244b2c3f1ef5acb4ff9833120371a20b0cacc92218d74ba58a75c9f76482e0bddae0a4e7d4c3e36bf4396148b65c3f4544
- SSDEEP
  
  6144:tpznbUTNWFObvPYU0UwBPnLrKx72+WQrIKPRFCabWsLK4KieG:t9DFcvB0UuPnLr672+WQrFCabWsLKFK
Score

10^/10

formbook xloader dwdp loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2