formbook

General

Target

SecuriteInfo.com.Trojan-Spy.MSIL.Agent.17922.28574.exe
Size

444KB
Sample

221123-e3nqlabb27
MD5

051107689f0c224a1af4d45e5a13d146
SHA1

1a73407cd1375b2cd8e04248ab3af32504a1b3f2
SHA256

803ce3a81dac97819000978aa8798f1d2464e12785d1625aa5ee01d0589ec8a2
SHA512

9777317a2d9258de7530425ac9a4d9738f5b894fd3319f42ff165e1d61e1dbffb28253b20b3991328544345dcd236a2bb07034fe7f71096ea1fb7ead1723f73a
SSDEEP

12288:eGhe78hVqtYGqEfXh3ZrNlS17ics7ZsZ:N13Gtx3Z5lSRip1

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Extracted

Family

xloader

Version

3.ƅ

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Targets

- Target
  
  SecuriteInfo.com.Trojan-Spy.MSIL.Agent.17922.28574.exe
- Size
  
  444KB
- MD5
  
  051107689f0c224a1af4d45e5a13d146
- SHA1
  
  1a73407cd1375b2cd8e04248ab3af32504a1b3f2
- SHA256
  
  803ce3a81dac97819000978aa8798f1d2464e12785d1625aa5ee01d0589ec8a2
- SHA512
  
  9777317a2d9258de7530425ac9a4d9738f5b894fd3319f42ff165e1d61e1dbffb28253b20b3991328544345dcd236a2bb07034fe7f71096ea1fb7ead1723f73a
- SSDEEP
  
  12288:eGhe78hVqtYGqEfXh3ZrNlS17ics7ZsZ:N13Gtx3Z5lSRip1
Score

10^/10

formbook xloader t5ez loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2