formbook | 1d504613d93ba714b247d0b35b1182cebf4a7b3bd33261f0aed1b7fdcd2e3075 | Triage

Sharing

General

Target

1d504613d93ba714b247d0b35b1182cebf4a7b3bd33261f0aed1b7fdcd2e3075
Size

328KB
Sample

221207-nnbl6aff91
MD5

31d0788e3cd2c03d23d92b8b2b8d6b99
SHA1

1d8d40796fbeb7b11494d9a170e9075ca57cc877
SHA256

1d504613d93ba714b247d0b35b1182cebf4a7b3bd33261f0aed1b7fdcd2e3075
SHA512

224c01004cd008866cc2995e2d80d749982e62bb4fc058736bee80190b49e9a2935a033f4d376d8d6f73f7da7061e11a29c191d5ad4d9599006ac59c7eca1605
SSDEEP

6144:tNB+sYuZZRk0az7XGZBgc4BLbNBmR03HivnMR7xHcn5a:tv+jcAT32HR0n7xHcn5a

Score

10^/10

formbook xloader qsqm loader rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

qsqm

Decoy

gYI8BO7T7BQOBw==

5kKpX8NHT4cITCAOEkMYvi5HiMZ5

oq5lCVwFY9KNJipM

OiTOjWhDMXBf8H9o79k=

rSDHx5jqNn3Sz/LND/0G

ob6FSUE4NYUi5Iqg1YGfMg==

fI5oMbAC5EAeerSKKRM2PjF7TYJh

lmWieqE8QHg=

yLxwFWm+rbCJXqE=

MyY9R8VCSaAtEJY2MdHAXKY=

WYA53Ezjh808

EPu6bfMPNJUh

upyUkeqQ6B/FJyq2PCiwnZf/

RvN3e2hDLJQmo9qtZTVoRmPi

hZhWEObjh808

K1gowrFsO5p0UchTUEVoRmPi

7hXPaZ6i+F7o2L8OCCyhNA==

bIp+E/xrSG9QHA==

+EPrJAdvSG9QHA==

METFhoRGH1sBBWhAbA==

Extracted

Family

xloader

Version

3.ƅ

Campaign

qsqm

Decoy

gYI8BO7T7BQOBw==

5kKpX8NHT4cITCAOEkMYvi5HiMZ5

oq5lCVwFY9KNJipM

OiTOjWhDMXBf8H9o79k=

rSDHx5jqNn3Sz/LND/0G

ob6FSUE4NYUi5Iqg1YGfMg==

fI5oMbAC5EAeerSKKRM2PjF7TYJh

lmWieqE8QHg=

yLxwFWm+rbCJXqE=

MyY9R8VCSaAtEJY2MdHAXKY=

WYA53Ezjh808

EPu6bfMPNJUh

upyUkeqQ6B/FJyq2PCiwnZf/

RvN3e2hDLJQmo9qtZTVoRmPi

hZhWEObjh808

K1gowrFsO5p0UchTUEVoRmPi

7hXPaZ6i+F7o2L8OCCyhNA==

bIp+E/xrSG9QHA==

+EPrJAdvSG9QHA==

METFhoRGH1sBBWhAbA==

Targets

- Target
  
  1d504613d93ba714b247d0b35b1182cebf4a7b3bd33261f0aed1b7fdcd2e3075
- Size
  
  328KB
- MD5
  
  31d0788e3cd2c03d23d92b8b2b8d6b99
- SHA1
  
  1d8d40796fbeb7b11494d9a170e9075ca57cc877
- SHA256
  
  1d504613d93ba714b247d0b35b1182cebf4a7b3bd33261f0aed1b7fdcd2e3075
- SHA512
  
  224c01004cd008866cc2995e2d80d749982e62bb4fc058736bee80190b49e9a2935a033f4d376d8d6f73f7da7061e11a29c191d5ad4d9599006ac59c7eca1605
- SSDEEP
  
  6144:tNB+sYuZZRk0az7XGZBgc4BLbNBmR03HivnMR7xHcn5a:tv+jcAT32HR0n7xHcn5a
Score

10^/10

formbook xloader qsqm loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderqsqmloaderratspywarestealertrojan