formbook

General

Target

DOC20221007-5678909876556.exe
Size

339KB
Sample

221007-qkln3aceh7
MD5

68cefe0a5521538e4745e06324711ae8
SHA1

fe34b8fd9db97fc9b364cd97a61adb2b2a9106e1
SHA256

e1e24096115fd98ae7530681689f2aa437df7f6e3c359848232362b583cdcc9c
SHA512

20e5a6d897edd6fe1b2683c310639b26cfab6e735cc95fd387922f05f8ac1cc3c7683acddca9994637678f966a3493fad483a2c811e06143a8f2df969199066a
SSDEEP

6144:oTtbE2/APfaD4dtSnwBWFG5kJk2DgHXRirZPxmsImC:yh5oP5tC46G5FPXMZPxmsImC

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

c1no

Decoy

SKHcqi+am5xGsHiCoXnH

BObxRpdRlNT5GCo3Eg8azNIQ

GPkN2SZ9gJOYqn4iaNIH6d1MRlk=

ZrdQ6Q4zd05LBFWPDc8=

KYQZEtvg85sq1t9jd7kazNIQ

KWu2/CZdnIFgf0p8

YlJ9mWmf+XkCjxzXSw==

nPeaENkZPzjWSh5DJiBVhlrTSx9V

GfUN8rKft59DsH2CoXnH

5ThnVCgjBm96jxzXSw==

pfb0D48Mk38v

uK6V0h16ziJXZuQ3NR8asKzT2Q==

QaxeYCJXoHFvKesgBSozIyC6bkTR8rbF

QT12wt/a0nsdrbY/oSGKqcq2wQ==

vfuiENwZZrvruTm5lHDF

iNsQyVnb3NHbtXyCoXnH

9jjn4jP8RyrjBYwNPvtfPg==

Wz1uwtUpdbrpwZXZq5HpXV7TSx9V

e9+RDvTx9HSZej/7PvtfPg==

oAeNwswNS6QgtnOdmcc=

Extracted

Family

xloader

Version

3.7

Campaign

c1no

Decoy

SKHcqi+am5xGsHiCoXnH

BObxRpdRlNT5GCo3Eg8azNIQ

GPkN2SZ9gJOYqn4iaNIH6d1MRlk=

ZrdQ6Q4zd05LBFWPDc8=

KYQZEtvg85sq1t9jd7kazNIQ

KWu2/CZdnIFgf0p8

YlJ9mWmf+XkCjxzXSw==

nPeaENkZPzjWSh5DJiBVhlrTSx9V

GfUN8rKft59DsH2CoXnH

5ThnVCgjBm96jxzXSw==

pfb0D48Mk38v

uK6V0h16ziJXZuQ3NR8asKzT2Q==

QaxeYCJXoHFvKesgBSozIyC6bkTR8rbF

QT12wt/a0nsdrbY/oSGKqcq2wQ==

vfuiENwZZrvruTm5lHDF

iNsQyVnb3NHbtXyCoXnH

9jjn4jP8RyrjBYwNPvtfPg==

Wz1uwtUpdbrpwZXZq5HpXV7TSx9V

e9+RDvTx9HSZej/7PvtfPg==

oAeNwswNS6QgtnOdmcc=

Targets

- Target
  
  DOC20221007-5678909876556.exe
- Size
  
  339KB
- MD5
  
  68cefe0a5521538e4745e06324711ae8
- SHA1
  
  fe34b8fd9db97fc9b364cd97a61adb2b2a9106e1
- SHA256
  
  e1e24096115fd98ae7530681689f2aa437df7f6e3c359848232362b583cdcc9c
- SHA512
  
  20e5a6d897edd6fe1b2683c310639b26cfab6e735cc95fd387922f05f8ac1cc3c7683acddca9994637678f966a3493fad483a2c811e06143a8f2df969199066a
- SSDEEP
  
  6144:oTtbE2/APfaD4dtSnwBWFG5kJk2DgHXRirZPxmsImC:yh5oP5tC46G5FPXMZPxmsImC
Score

10^/10

formbook xloader c1no loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2