formbook

General

Target

Al Muhaidib Group KSA.Order With our Company Profile.doc.gz.exe
Size

313KB
Sample

220928-x3s97aaadl
MD5

624b5a402b803e5387ad3703512b6245
SHA1

c13ee0108903b3e3408db80e9d8b601f4831649b
SHA256

6cb6ca24a5438e646c710e6f4f0c7f4f79d12faa9cf647e89a215083eea45417
SHA512

cc7d20501feadf1599f936d8bba67973c052af9c99a617efde1b3d56b7c3b6b4be86865e924b25efbf2bb1486355bcff07c52459d7da5b202b0c701087daab8b
SSDEEP

6144:Mnfj51HnOQ7hseU+3FfVpJem0rHkMMQNI2tK+u:+5tnnN13FbEkOpK

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

r4am

Decoy

7s+N0ZPIJ9VpqrvtKksXc7XuyWQV

b10VlJxyr+gCSypTPq+ttg==

p38gcQiwILmDccYrmbc=

J/ORoE40XwuxoUBl0DCnAjg=

waVc3Ur4Ig/2N0Ju2wG1DbgtjWxhIxs=

yp97AnUvgTnkTw4b

mYElQRz+60TcJwkmpAqVnYfUymE=

aUfuNJdSXN/qNxE/cpiTmoTL/4cd

aR/gJFPYz8rH+cVCjpty

xY45ukYcf0olJqofG75t

TBq3DAxHoNxz8qesW9Ft

TTP/Dhhszw/D8kZdFg==

qHgNTp0fYKBi19z346EcuNxg

A83SygeBE+V16/U=

LOesLh1Ykw8BKSmyaV1l

y6paCH8rmVAlJQ==

vYwzUX3wKXJGnWGyaV1l

lXVE0tXBtEtmmVeyaV1l

dV80xnHwI1aoF/MR

AN1o76cpYJhWVyFS1TCnAjg=

Extracted

Family

xloader

Version

3.8

Campaign

r4am

Decoy

7s+N0ZPIJ9VpqrvtKksXc7XuyWQV

b10VlJxyr+gCSypTPq+ttg==

p38gcQiwILmDccYrmbc=

J/ORoE40XwuxoUBl0DCnAjg=

waVc3Ur4Ig/2N0Ju2wG1DbgtjWxhIxs=

yp97AnUvgTnkTw4b

mYElQRz+60TcJwkmpAqVnYfUymE=

aUfuNJdSXN/qNxE/cpiTmoTL/4cd

aR/gJFPYz8rH+cVCjpty

xY45ukYcf0olJqofG75t

TBq3DAxHoNxz8qesW9Ft

TTP/Dhhszw/D8kZdFg==

qHgNTp0fYKBi19z346EcuNxg

A83SygeBE+V16/U=

LOesLh1Ykw8BKSmyaV1l

y6paCH8rmVAlJQ==

vYwzUX3wKXJGnWGyaV1l

lXVE0tXBtEtmmVeyaV1l

dV80xnHwI1aoF/MR

AN1o76cpYJhWVyFS1TCnAjg=

Targets

- Target
  
  Al Muhaidib Group KSA.Order With our Company Profile.doc.gz.exe
- Size
  
  313KB
- MD5
  
  624b5a402b803e5387ad3703512b6245
- SHA1
  
  c13ee0108903b3e3408db80e9d8b601f4831649b
- SHA256
  
  6cb6ca24a5438e646c710e6f4f0c7f4f79d12faa9cf647e89a215083eea45417
- SHA512
  
  cc7d20501feadf1599f936d8bba67973c052af9c99a617efde1b3d56b7c3b6b4be86865e924b25efbf2bb1486355bcff07c52459d7da5b202b0c701087daab8b
- SSDEEP
  
  6144:Mnfj51HnOQ7hseU+3FfVpJem0rHkMMQNI2tK+u:+5tnnN13FbEkOpK
Score

10^/10

formbook r4am rat spyware stealer trojan xloader loader
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2