formbook | 5fd570bf6d0b40faa4d64a39dcc7a2a93220e8999e0e4296b967a50413a691b2 | Triage

Submit
Reports

Overview

overview

Static

static

1

5fd570bf6d...b2.exe

windows7-x64

5fd570bf6d...b2.exe

windows10-2004-x64

Sharing

General

Target

5fd570bf6d0b40faa4d64a39dcc7a2a93220e8999e0e4296b967a50413a691b2
Size

431KB
Sample

230210-lprcwsgc9s
MD5

2f4004a7c35aab17d292814c4a75ddf1
SHA1

6892b5fdea2c09e09f88b71b1f690cb39b2e8680
SHA256

5fd570bf6d0b40faa4d64a39dcc7a2a93220e8999e0e4296b967a50413a691b2
SHA512

4ee8cda276fb4e6c3338bbe6b68d74ee6465a6d0a3fe852ef2cff63d68f54cf33038578e7720866619c97ca9729508ae4b78de449d8cc08e5a57052aedc2350e
SSDEEP

6144:WYa6iEHEEEzmNjVGb94lw0ByZD8zzORQdFEWoTjhiyUe/w/GtMavE/kcSF:WYwm7C94esXPdFpZJ/GtMav+FSF

Score

10^/10

formbook xloader u8ow loader persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

5fd570bf6d0b40faa4d64a39dcc7a2a93220e8999e0e4296b967a50413a691b2.exe

Resource

win7-20220812-en

formbook xloader u8ow loader persistence rat spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

5fd570bf6d0b40faa4d64a39dcc7a2a93220e8999e0e4296b967a50413a691b2.exe

Resource

win10v2004-20220812-en

formbook xloader u8ow loader persistence rat spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Campaign

u8ow

Decoy

uzhDDUNgg10rOh8rkUMGYiLuNnRWl9gwMQ==

bfkA4IUaSgYi7IA=

ezX5yHeR21O3h2RCgQ==

x3E4ntHeLMGQm0kdTi6PJtjOVS6Em8UaKA==

xJuAYwcZLAfqrVazWjvkirgFxDSf

qrGugLdannLYegX5dCtFMA==

i61nMddueAYi7IA=

RoNMKNhtdDWpeiYoaB37TPiHTLo=

RFj3UHHrDtAktSZhYku36opnsaMbNA==

lx0g+6RPl4jwwNPRPuTD

MyEQ4oGk6vXrMM4V

0IVWH0rfKe1J4nn6J9XB

SYVlN3Zrnq2OaWpDiQ==

fNa0jy3P8KQK25rpmwqd0t8=

UZuSZpW+9ffX9KXzmgqd0t8=

Vxf85YCWvYNZjkcDdCtFMA==

0gG1EzLP7/DrMM4V

WExRGVAEE6YS5tJkTxMhR636+A==

6Tv7U4QdURt1KUI+gw==

ooR7RXgsXPtaEutnaQ3efjIXmfJePavzIA==

kH1+agwHHalYZx6qIgfY

ZWt1Rm0DSQlnBqPfWQAc/tcr

cLCK7t168nLRaWpDiQ==

mhlxXnj4ae2oyA==

cNfFjLnZBAbktB6qIgfY

e4+aeK07RtRvyDdIwbTJ

zV1cO+x+pG5zGpk=

Chw2HE2XGN4+Cr/5oYw2qDok

DP/jRm13vb2eiYBXkQ==

Ma9RHLrYBdejyIc/Mg2d/8xWIqM=

VTo6X4LaHCfge/wU

sWUqRFyEF4620a0t2n8=

gFcKdpXTkQzrMM4V

OhMDz+2HrUeaOs/fJBHkCKz7+g==

VO2d9iU2Thf318SIwq0EOA==

e1ku/6K39wfJUusrm0vPx4XRqHIvPpc=

P+jz1DwdYV0=

bTf6X4eNo29HFZaYHIdgOg==

4T4u2HphcHA0

tbfJk7tho2DrMM4V

mN6i/Su4QgqJXCqCRzW3mzJHyrWX

zW04ErzqFdmbu79Rig==

ZmprSnkJRcl0JKT6J9XB

MpWLW5et5BoKKk+rm3c=

Zr2aZxK7/FrlpnRYlw==

0U3tR3qhsDuRX0ebnn0=

wwHLoEjfITb8VSKpjXQ=

U0tVJVTjQAYi7IA=

UhwL8pe04L+OaWpDiQ==

aopHm8x6r2frMM4V

Lmst/p5BnbN6FIkTOM8rEdc=

GE06CTdjgx+Q6ZIV2H8=

EEj/aJNAfnLggR7q56O3833n8g==

iNu4mEHQ21YCng0d

KDEzCTXL1lu2jm76J9XB

75FOp9va+5X90pMaWzhMstYm

dC3913qn0YlNK0+rm3c=

JdWkeCE2aH5uMqzDQikE2IVmsaMbNA==

DXRpMVx9wYHolAeOVjsokL9HyrWX

OhHhPWGIz5DefU+rm3c=

50M3F7hrlnBBTDLKumo4nMY=

Fqq41ivP9XMLaTycqZUCOA==

711EHcp3p3EnLk+rm3c=

LT/fL08ENi0Gi1dYk4bzMQ==

majorcaplanetary.com

Targets

- Target
  
  5fd570bf6d0b40faa4d64a39dcc7a2a93220e8999e0e4296b967a50413a691b2
- Size
  
  431KB
- MD5
  
  2f4004a7c35aab17d292814c4a75ddf1
- SHA1
  
  6892b5fdea2c09e09f88b71b1f690cb39b2e8680
- SHA256
  
  5fd570bf6d0b40faa4d64a39dcc7a2a93220e8999e0e4296b967a50413a691b2
- SHA512
  
  4ee8cda276fb4e6c3338bbe6b68d74ee6465a6d0a3fe852ef2cff63d68f54cf33038578e7720866619c97ca9729508ae4b78de449d8cc08e5a57052aedc2350e
- SSDEEP
  
  6144:WYa6iEHEEEzmNjVGb94lw0ByZD8zzORQdFEWoTjhiyUe/w/GtMavE/kcSF:WYwm7C94esXPdFpZJ/GtMav+FSF
Score

10^/10

formbook xloader u8ow loader persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderu8owloaderpersistenceratspywarestealertrojan

behavioral2

formbookxloaderu8owloaderpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy