formbook

General

Target

697864448562120dd68a9b3a4c36f294292626999e3c80d3217206544e3f91b1
Size

280KB
Sample

221123-w12ccage2s
MD5

b485b58008975a5daae212fadc145f9c
SHA1

c12e8d4fa7faa87116fce3d7c7875f20e10bf9d4
SHA256

8b51e1c66c394812028ceeb8dba3c4d9ea76474ec55829de318353b0818e71e6
SHA512

39d8d21c2c1cc8a011fc675f17d9b30e9f703ad7c42750ff4341fb32852688d0250f5e62e6b91875530d1d5bb9d870ca0fe1b75951ee624e5e2add97b9862357
SSDEEP

6144:PY6jPEfIxrjvwd9Dhu1nbuPnFlzFeVuEqJa64BURVXR0Ah4eZXB2uUyR:PpjsBhwbuPFlzF0uEqCiHR0AB4uL

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

pgnt

Decoy

0WG18LbM4lR9iqMRa4nlBzTb

jcfGYzPgZTqFZVO9FV2yIw==

laIfrdSC8/4CNg==

Q73ilev5GIWuOrAAFV2yIw==

Q2u/pMw7pv4sPA==

TbqvIUHwlQscPo0HFV2yIw==

8PNWfGPyE8n0IQ==

WtgROxXzvY2L

PryaRBNjm4eP

Y9Hdi06Cry1um9Sj68YAu1o=

3Gulyp7CMQtR78jvLkk=

JJ3GasTVTCRQT6Tfz6S6GlI=

RnS42bhb9tI0R6UpD6wOxriNxw==

he1mi2sOGfzTRGHnuA==

eaYjCtjxVjdU5XLRtBMBLKk9quA=

k9rTeEqYzzw8WaTfz6S6GlI=

5luVQwe2vJWKEAiMdF4=

MGW14L9OVk5Y5TaR6w/DqdhYxXVY

mAsYz6k6sQkDC0/DoHj9t1RPWLSgFQ==

y5klhuMbE8n0IQ==

Extracted

Family

xloader

Version

3.�E

Campaign

pgnt

Decoy

0WG18LbM4lR9iqMRa4nlBzTb

jcfGYzPgZTqFZVO9FV2yIw==

laIfrdSC8/4CNg==

Q73ilev5GIWuOrAAFV2yIw==

Q2u/pMw7pv4sPA==

TbqvIUHwlQscPo0HFV2yIw==

8PNWfGPyE8n0IQ==

WtgROxXzvY2L

PryaRBNjm4eP

Y9Hdi06Cry1um9Sj68YAu1o=

3Gulyp7CMQtR78jvLkk=

JJ3GasTVTCRQT6Tfz6S6GlI=

RnS42bhb9tI0R6UpD6wOxriNxw==

he1mi2sOGfzTRGHnuA==

eaYjCtjxVjdU5XLRtBMBLKk9quA=

k9rTeEqYzzw8WaTfz6S6GlI=

5luVQwe2vJWKEAiMdF4=

MGW14L9OVk5Y5TaR6w/DqdhYxXVY

mAsYz6k6sQkDC0/DoHj9t1RPWLSgFQ==

y5klhuMbE8n0IQ==

Targets

- Target
  
  697864448562120dd68a9b3a4c36f294292626999e3c80d3217206544e3f91b1
- Size
  
  304KB
- MD5
  
  60d9730a7f59ab1fd59f0714ef881b06
- SHA1
  
  ca8d63135460836a001a38b50c28eae975a2a36c
- SHA256
  
  697864448562120dd68a9b3a4c36f294292626999e3c80d3217206544e3f91b1
- SHA512
  
  ef6c2bb3fcb705da66416bee8191c9ec7f8992aef9bc5bc108742f15cfc132d2887062e3a85977b0ae005ea8796fb3670517da834534107454957209a851bac4
- SSDEEP
  
  6144:U5SuupRIxrjvwT97hu1nbuTnFlzFeVuQqJa64BUR3XR0Ah0eZXBp6bS0fhr8w:UghhwbuTFlzF0uQqCidR0AJrcS0fhr8w
Score

10^/10

formbook xloader pgnt loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2