formbook

General

Target

SecuriteInfo.com.Trojan.PackedNET.1293.15096.13658.exe
Size

457KB
Sample

220928-xs8bcsaabj
MD5

5e05c35758558bf936b2a5d460fc10c6
SHA1

9e1627ae2217e2df42f8286fa96aefcaedcf0714
SHA256

99c02a7c1b1ddaa81bdfdae23ede32858e8c8acfb4b14556202e4c427cdd7b4b
SHA512

f0940d8df03a0f0b15065e6a1e195c936c2bf835d19cf08bb715a64eef73055b59e9a70bc99a652735c9215b281af828c7db24d2ba43efecb2db5dd1b32d289a
SSDEEP

6144:CKtGsCr2L2Ai/dpxEEsHF1yZvKFc8fDJdBxCfRI5+cYjZBvQqa+:ftGVr2L2Ai/TR01y6cIJxORIscYjToq

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

nrln

Decoy

IG7zJSm49UqTTuu/N/oTCIg=

CVLdAPgw0CRSMuZnRRU=

PiA5Z3umP2NyX81VGQhjWyS59nFYhXiG

5i6p4GeQqtBgNRfGNQ==

5984keYswxh8mGZHz4ipAHtQ

VNJaK4Gh0CrOvHpW/p353A==

71rEtrL2icToyKGhcWrTxjsFU5T98zeO

r3q1sy1iZaL+2XIUAob7yw==

9+83Qkrk/vV/jVXsDvoTCIg=

aMFAgYF1prov8/UErH/Y1A==

Alqtx/0rxwEbCLdudftl

ImCbnglBSUHF0mv2tTSP40bPeYao

s4DFNvAJ4GIJ+g==

phOa6mtS8QQICuZnRRU=

7TSu5vqRtB45EZtf4WDSTBHPeYao

ImPWqwUUIVWMQLyMbUab7tmspvNCcT8=

HF7jKjbGox2SAffTPw==

yAM3mOQot5l+cD0ikR5MGp8=

UYzW0/8z70JcQenVLidu1kLPeYao

OoCznp5UWz+hT9OBFXbfVhXPeYao

Extracted

Family

xloader

Version

3.8

Campaign

nrln

Decoy

IG7zJSm49UqTTuu/N/oTCIg=

CVLdAPgw0CRSMuZnRRU=

PiA5Z3umP2NyX81VGQhjWyS59nFYhXiG

5i6p4GeQqtBgNRfGNQ==

5984keYswxh8mGZHz4ipAHtQ

VNJaK4Gh0CrOvHpW/p353A==

71rEtrL2icToyKGhcWrTxjsFU5T98zeO

r3q1sy1iZaL+2XIUAob7yw==

9+83Qkrk/vV/jVXsDvoTCIg=

aMFAgYF1prov8/UErH/Y1A==

Alqtx/0rxwEbCLdudftl

ImCbnglBSUHF0mv2tTSP40bPeYao

s4DFNvAJ4GIJ+g==

phOa6mtS8QQICuZnRRU=

7TSu5vqRtB45EZtf4WDSTBHPeYao

ImPWqwUUIVWMQLyMbUab7tmspvNCcT8=

HF7jKjbGox2SAffTPw==

yAM3mOQot5l+cD0ikR5MGp8=

UYzW0/8z70JcQenVLidu1kLPeYao

OoCznp5UWz+hT9OBFXbfVhXPeYao

Targets

- Target
  
  SecuriteInfo.com.Trojan.PackedNET.1293.15096.13658.exe
- Size
  
  457KB
- MD5
  
  5e05c35758558bf936b2a5d460fc10c6
- SHA1
  
  9e1627ae2217e2df42f8286fa96aefcaedcf0714
- SHA256
  
  99c02a7c1b1ddaa81bdfdae23ede32858e8c8acfb4b14556202e4c427cdd7b4b
- SHA512
  
  f0940d8df03a0f0b15065e6a1e195c936c2bf835d19cf08bb715a64eef73055b59e9a70bc99a652735c9215b281af828c7db24d2ba43efecb2db5dd1b32d289a
- SSDEEP
  
  6144:CKtGsCr2L2Ai/dpxEEsHF1yZvKFc8fDJdBxCfRI5+cYjZBvQqa+:ftGVr2L2Ai/TR01y6cIJxORIscYjToq
Score

10^/10

formbook xloader nrln loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Blocklisted process makes network request

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2