formbook

General

Target

tmp
Size

269KB
Sample

221129-mx4hvseh5v
MD5

ab19893b5cb5cc981ae08a3964f16e15
SHA1

23b5898bcc3ab1fb60a85f46cec31e6b29c6f114
SHA256

ae9b827c9ea8f76498bd357516a966d63a386ae681d57a7defe9b90d5dfec29a
SHA512

56fb7e6b073b54f31eb5c7bbd0da85eb8ad12f88988406e27ee332ae2225660b73465b208cffd5ccb73c7c982300a88f96c8e5032544a9eeb1887c3d463dbb33
SSDEEP

6144:GmubVdOGB4obzF7lT0J1SfNFL3tbUdsSxX7/BWjqFw9Qd:sZ2obzpi8F93twdsSV7ZTFo

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

ph6j

Decoy

WM1X00j5iDAYA6zcncQr

3CPsxwpxiZ+SikeciM4y

XDDKDkvuplKRxq7feLyksK6Z0g==

/msAxzfw/5RdtIwTnk4=

GHxNObZXuq2sys8=

GPXEaDIkd59RoawN

5M9MVMeb3o4NDeAt4wTxd7OY0A==

A9xTe+i4ZXwyiJvfyapcIw==

RaIVfPihP24siJq9ZtH+s1Y=

B/6EfAHA2/QDKCuTLEv47tg22b7kZQ==

uCu5N6ha86KYvYwTnk4=

vyLwu/BkYQyEhi4Vi7oirhXXOqI=

pv66ktZy6mbiAQ==

jtVK3hed6mbiAQ==

awdUpNKVm80=

NhPiQbxl+x3MEaXauk31+bXZ

OfObW8qMDUjDR+0F

4Wk7Ip9e2wi+AvWciM4y

eGAriArN1AItvGBnMQ==

5bF+B0DO+CJTnjFT+wmvsK6Z0g==

Extracted

Family

xloader

Version

3.ƅ

Campaign

ph6j

Decoy

WM1X00j5iDAYA6zcncQr

3CPsxwpxiZ+SikeciM4y

XDDKDkvuplKRxq7feLyksK6Z0g==

/msAxzfw/5RdtIwTnk4=

GHxNObZXuq2sys8=

GPXEaDIkd59RoawN

5M9MVMeb3o4NDeAt4wTxd7OY0A==

A9xTe+i4ZXwyiJvfyapcIw==

RaIVfPihP24siJq9ZtH+s1Y=

B/6EfAHA2/QDKCuTLEv47tg22b7kZQ==

uCu5N6ha86KYvYwTnk4=

vyLwu/BkYQyEhi4Vi7oirhXXOqI=

pv66ktZy6mbiAQ==

jtVK3hed6mbiAQ==

awdUpNKVm80=

NhPiQbxl+x3MEaXauk31+bXZ

OfObW8qMDUjDR+0F

4Wk7Ip9e2wi+AvWciM4y

eGAriArN1AItvGBnMQ==

5bF+B0DO+CJTnjFT+wmvsK6Z0g==

Targets

- Target
  
  tmp
- Size
  
  269KB
- MD5
  
  ab19893b5cb5cc981ae08a3964f16e15
- SHA1
  
  23b5898bcc3ab1fb60a85f46cec31e6b29c6f114
- SHA256
  
  ae9b827c9ea8f76498bd357516a966d63a386ae681d57a7defe9b90d5dfec29a
- SHA512
  
  56fb7e6b073b54f31eb5c7bbd0da85eb8ad12f88988406e27ee332ae2225660b73465b208cffd5ccb73c7c982300a88f96c8e5032544a9eeb1887c3d463dbb33
- SSDEEP
  
  6144:GmubVdOGB4obzF7lT0J1SfNFL3tbUdsSxX7/BWjqFw9Qd:sZ2obzpi8F93twdsSV7ZTFo
Score

10^/10

formbook xloader ph6j loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2