formbook

General

Target

KhQbm6cw8BSvGQH.exe
Size

946KB
Sample

221202-vee2jsfc39
MD5

a0e0041b5cc1caf86029d98524c09489
SHA1

d2d70e73fd2ec34ab0c7c157561cc41aa689d3f9
SHA256

7a235cfadbd748b39ad61448836b2fde622f708806d83c64a51a8207fe69c2b1
SHA512

bf06b58df4a752bc2bbe2375b9b0464bef6687a5dcb0c06c92aef24b068d20d27eb4ecb06bde5df8725131dcf24e252080666bbb0defb48744a6f6b379cbca5e
SSDEEP

24576:NQqxskYLPwUZpYzMrcCtxbnNSwENTiwAAgEEY4:O/LoUZWzMr1xrreTQp

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

2qgh

Decoy

7cUtkK451uW3IAE4/yY=

r7cDdn3Mbv9AuOLyud/l

VzVz5W7v/eHsJw==

+gUH0Vq3gppOPUwFstbvBQ==

LT02F9l1LM8fDyv7pu3lEg==

IRvy0sU/9TJI4XXyud/l

j2uvJzxRAzHv7gFT+TE=

2z/CJFZUKKcMPw==

WrXt6QWBJVNNh4iopu3lEg==

cFvMK1DkuFOH6XDyud/l

XbuL8S98LCJRoT0=

ScMKAv1fM1gPNynvgzQxp4wjgQ==

wg5XO8QJ/eHsJw==

XwzcMbUJ/eHsJw==

pINRMecMhdpdczc=

GfpawLT109ImVyo=

m6uQf5oY79fZCeS9

MP9cvCAc8Hm6

F0861AT+HRQSOg==

fOEUByeNA4PBO4c5mAn5Eud1Xdw=

Extracted

Family

xloader

Version

3.ƅ

Campaign

2qgh

Decoy

7cUtkK451uW3IAE4/yY=

r7cDdn3Mbv9AuOLyud/l

VzVz5W7v/eHsJw==

+gUH0Vq3gppOPUwFstbvBQ==

LT02F9l1LM8fDyv7pu3lEg==

IRvy0sU/9TJI4XXyud/l

j2uvJzxRAzHv7gFT+TE=

2z/CJFZUKKcMPw==

WrXt6QWBJVNNh4iopu3lEg==

cFvMK1DkuFOH6XDyud/l

XbuL8S98LCJRoT0=

ScMKAv1fM1gPNynvgzQxp4wjgQ==

wg5XO8QJ/eHsJw==

XwzcMbUJ/eHsJw==

pINRMecMhdpdczc=

GfpawLT109ImVyo=

m6uQf5oY79fZCeS9

MP9cvCAc8Hm6

F0861AT+HRQSOg==

fOEUByeNA4PBO4c5mAn5Eud1Xdw=

Targets

- Target
  
  KhQbm6cw8BSvGQH.exe
- Size
  
  946KB
- MD5
  
  a0e0041b5cc1caf86029d98524c09489
- SHA1
  
  d2d70e73fd2ec34ab0c7c157561cc41aa689d3f9
- SHA256
  
  7a235cfadbd748b39ad61448836b2fde622f708806d83c64a51a8207fe69c2b1
- SHA512
  
  bf06b58df4a752bc2bbe2375b9b0464bef6687a5dcb0c06c92aef24b068d20d27eb4ecb06bde5df8725131dcf24e252080666bbb0defb48744a6f6b379cbca5e
- SSDEEP
  
  24576:NQqxskYLPwUZpYzMrcCtxbnNSwENTiwAAgEEY4:O/LoUZWzMr1xrreTQp
Score

10^/10

formbook 2qgh rat spyware stealer trojan xloader loader
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2