formbook

General

Target

8034966121.zip
Size

260KB
Sample

220918-dl53waefan
MD5

1aa386b1f712c15f46021c02ff3bd311
SHA1

d9ed38d47d5dd1436ca869ef0a74549f455cfe7d
SHA256

e81b6467fc8bb48bf57171450f37224deb85e34ce780a6ca311ca89c16f9e70a
SHA512

affeb736fcf26b30ead0b2eca99886a22bdaaebdc4a9f3209001b43dca2b291ec5ca5458ed3d5858f916c6acbf08a70b1894bb108f31ce58fee92036048f88a9
SSDEEP

6144:yn9btu3Yt9q+tsr7IfgSf33G6Ll/7ftT7j:YsK87MxPG61ftT7j

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

dwdp

Decoy

jPxWFTS1Rn/K/LD47WRRW7+Veuct8yc=

ke1Wv1l26dZZxDikX9dU3s6k8+w=

+vtNyVBkx8VMf5KCaIj8DYR5QyLJgQ==

GHXPhYzwXcKgZwqBb/kejm7rfobj

yalW64iE8+aXs70=

MD83dBR0KSF4fizgRhAM

Xti3uNm2JDWgssPgRhAM

X7gYbv5uJhpvjdI0Qg==

ydxGznbNJ3tCCLAX4arq4nweMuQ=

Ca+fvtST8OBbosPgRhAM

kG1QegD8mU/E/hLw1t0=

g9FFFjEC5C2IvR/BhbSrpw==

PCkpeg38W0aPdg1rav1DFnVASw==

vSq+xBf3qjY27H3yqepK+g+nOmOMc3m7

G7WYirSZS9EYob8=

WbEWaOVIAPlSNNc4LsfL53weMuQ=

hnyAvEY4n3rTKS4g5mHKxR0=

JN7b0uCqVrQydMl7JNw=

XTki/RASDK6BCW0q8sU=

DQMBWA9wJyOKqqGSmGHKxR0=

Extracted

Family

xloader

Version

3.8

Campaign

dwdp

Decoy

jPxWFTS1Rn/K/LD47WRRW7+Veuct8yc=

ke1Wv1l26dZZxDikX9dU3s6k8+w=

+vtNyVBkx8VMf5KCaIj8DYR5QyLJgQ==

GHXPhYzwXcKgZwqBb/kejm7rfobj

yalW64iE8+aXs70=

MD83dBR0KSF4fizgRhAM

Xti3uNm2JDWgssPgRhAM

X7gYbv5uJhpvjdI0Qg==

ydxGznbNJ3tCCLAX4arq4nweMuQ=

Ca+fvtST8OBbosPgRhAM

kG1QegD8mU/E/hLw1t0=

g9FFFjEC5C2IvR/BhbSrpw==

PCkpeg38W0aPdg1rav1DFnVASw==

vSq+xBf3qjY27H3yqepK+g+nOmOMc3m7

G7WYirSZS9EYob8=

WbEWaOVIAPlSNNc4LsfL53weMuQ=

hnyAvEY4n3rTKS4g5mHKxR0=

JN7b0uCqVrQydMl7JNw=

XTki/RASDK6BCW0q8sU=

DQMBWA9wJyOKqqGSmGHKxR0=

Targets

- Target
  
  6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501
- Size
  
  288KB
- MD5
  
  b8b284b3a4e835f5b3785b9ffe794e9d
- SHA1
  
  448bb364b3713aa4cad2637eedf008ad4ba1f05c
- SHA256
  
  6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501
- SHA512
  
  9a111fcc66fed623ffbf743649b5a5ec00d6365d7d2afe0ae32d8bfd66b075d4a4e74b25b4d9ff0e14e8a9ea4c5dc206e24af0002ee9130168b9a8708b84b6ea
- SSDEEP
  
  6144:HyPgfiscyrkdbMjgFP9lpYQKe/YC0R2nBtH6KZyxHro6aRtzG:SPgacw5MjmsQdYC0iIK4xHs6aRt6
Score

10^/10

formbook xloader dwdp loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2