formbook

General

Target

mary.bin.zip
Size

28KB
Sample

221027-3qq7ysechk
MD5

1e2f3bee32401d913b39df985cbc4ca8
SHA1

4536675b00aa1967474bf3e2a97c55374e6e8439
SHA256

049549f50f5dd8774148408e909bee0ae120ef176386ed3857ed77c9b52e6667
SHA512

2a8b55a6cfd98aa8c5c710af62ccb7ff49eaae87492a9f3f04c54e3cbbcc2e683d5077e07e38fac84f6061f54d1c103ae363b31bcba55d789b50f0dc98a84543
SSDEEP

768:eg3bUOYujciJyndDG/muopy9Nrg0bG43N52HHrM3k:iTuAiJoyZ3rgJ49Cw3k

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

bbuy

Decoy

wqbqKCTkCwjtbad3vwJI6Z+a

EqD7JRhUV2ZQDnU=

UlWd0LffZzZeGY0BzkxroA==

sAbXk3SNlPOcRleKI+k=

HCpzqZKnJGDpf+qsxnOnvQ==

vGdG6Ezu8mctzfLnmX/FLDeiPS3M

tcctT/pPwrv7mdA0aw==

Tr6fUz4Ae0mrGA==

NxZtBUfk3aqxS1eKI+k=

TSUVzyy9hBs65j7xXSRVBx+M

fObBavCu4OEt/0pTr98J

2ap9Oy1p8MQP+EtTr98J

FL4Q0TXr1iHWjezVUdQtFT4=

kSFvf2KUliCDOWwacw==

ctqtSLZvqqr/xym6xnOnvQ==

8DqrrnN58fVC

fIrZCP4xwLt7CkGppluStw==

PFKUNZxcpLCtk6yjMus=

4CKOs2UMhs9P8EvLAXO1Hj8aNA==

0pEGOQOa0+SOV9AnYg==

Extracted

Family

xloader

Version

3.ƅ

Campaign

bbuy

Decoy

wqbqKCTkCwjtbad3vwJI6Z+a

EqD7JRhUV2ZQDnU=

UlWd0LffZzZeGY0BzkxroA==

sAbXk3SNlPOcRleKI+k=

HCpzqZKnJGDpf+qsxnOnvQ==

vGdG6Ezu8mctzfLnmX/FLDeiPS3M

tcctT/pPwrv7mdA0aw==

Tr6fUz4Ae0mrGA==

NxZtBUfk3aqxS1eKI+k=

TSUVzyy9hBs65j7xXSRVBx+M

fObBavCu4OEt/0pTr98J

2ap9Oy1p8MQP+EtTr98J

FL4Q0TXr1iHWjezVUdQtFT4=

kSFvf2KUliCDOWwacw==

ctqtSLZvqqr/xym6xnOnvQ==

8DqrrnN58fVC

fIrZCP4xwLt7CkGppluStw==

PFKUNZxcpLCtk6yjMus=

4CKOs2UMhs9P8EvLAXO1Hj8aNA==

0pEGOQOa0+SOV9AnYg==

Targets

- Target
  
  mary.bin
- Size
  
  56KB
- MD5
  
  e8bf77b057a93cafe70b86fdb9da6aed
- SHA1
  
  53f70d6a1f0a48522d90e1612bdf3c4b122fc504
- SHA256
  
  f53340a00d5248f81164bd5a1880698c4926cf62dc2fc5c93696f87780733b1a
- SHA512
  
  56d4f69822d9790caec4d53a3112038c7b0b518c013638ad7865dbd7a5e80d3d46b4da5d6170e888f5f3ae6c58231b2c3fbc7763f3107965eedb52b05d46461f
- SSDEEP
  
  768:k8s3JoK3x2Ncv+kIQZ5N9Fe6HmBouzruiRPPrk+FP:kB36I1vxIMW6HmBxuixPd
Score

10^/10

formbook xloader bbuy loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Blocklisted process makes network request

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2