formbook | 8a220fea3dd106a5a5e2ba86ed93c405b8c91dd54a5cf29b4d62994d30c25144 | Triage

Submit
Reports

Overview

overview

Static

static

1

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

286KB
Sample

230301-ytyc8aaa44
MD5

fe37e246c87c62524944da88e8691bc7
SHA1

50f60f77e1dbea6923bd4792d5c56cf93f9e7e29
SHA256

8a220fea3dd106a5a5e2ba86ed93c405b8c91dd54a5cf29b4d62994d30c25144
SHA512

b375520e20cbe51a4b598a4ff3353d90e6728740ada2ae777cb692f65486c30751b496c0b5a3a77f8008939c6c684404587611510fafefab21e0e4def5c2f537
SSDEEP

6144:PYa6J6aP4SaZAaQuHj3FvLqaiO7Xo1ZN4yfUN7aPpEgh:PY7f4LAaLVvWnO7472C2aP7h

Score

10^/10

formbook xloader u8ow loader persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

formbook xloader u8ow loader persistence rat spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

formbook xloader u8ow loader persistence rat spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Campaign

u8ow

Decoy

uzhDDUNgg10rOh8rkUMGYiLuNnRWl9gwMQ==

bfkA4IUaSgYi7IA=

ezX5yHeR21O3h2RCgQ==

x3E4ntHeLMGQm0kdTi6PJtjOVS6Em8UaKA==

xJuAYwcZLAfqrVazWjvkirgFxDSf

qrGugLdannLYegX5dCtFMA==

i61nMddueAYi7IA=

RoNMKNhtdDWpeiYoaB37TPiHTLo=

RFj3UHHrDtAktSZhYku36opnsaMbNA==

lx0g+6RPl4jwwNPRPuTD

MyEQ4oGk6vXrMM4V

0IVWH0rfKe1J4nn6J9XB

SYVlN3Zrnq2OaWpDiQ==

fNa0jy3P8KQK25rpmwqd0t8=

UZuSZpW+9ffX9KXzmgqd0t8=

Vxf85YCWvYNZjkcDdCtFMA==

0gG1EzLP7/DrMM4V

WExRGVAEE6YS5tJkTxMhR636+A==

6Tv7U4QdURt1KUI+gw==

ooR7RXgsXPtaEutnaQ3efjIXmfJePavzIA==

kH1+agwHHalYZx6qIgfY

ZWt1Rm0DSQlnBqPfWQAc/tcr

cLCK7t168nLRaWpDiQ==

mhlxXnj4ae2oyA==

cNfFjLnZBAbktB6qIgfY

e4+aeK07RtRvyDdIwbTJ

zV1cO+x+pG5zGpk=

Chw2HE2XGN4+Cr/5oYw2qDok

DP/jRm13vb2eiYBXkQ==

Ma9RHLrYBdejyIc/Mg2d/8xWIqM=

VTo6X4LaHCfge/wU

sWUqRFyEF4620a0t2n8=

gFcKdpXTkQzrMM4V

OhMDz+2HrUeaOs/fJBHkCKz7+g==

VO2d9iU2Thf318SIwq0EOA==

e1ku/6K39wfJUusrm0vPx4XRqHIvPpc=

P+jz1DwdYV0=

bTf6X4eNo29HFZaYHIdgOg==

4T4u2HphcHA0

tbfJk7tho2DrMM4V

mN6i/Su4QgqJXCqCRzW3mzJHyrWX

zW04ErzqFdmbu79Rig==

ZmprSnkJRcl0JKT6J9XB

MpWLW5et5BoKKk+rm3c=

Zr2aZxK7/FrlpnRYlw==

0U3tR3qhsDuRX0ebnn0=

wwHLoEjfITb8VSKpjXQ=

U0tVJVTjQAYi7IA=

UhwL8pe04L+OaWpDiQ==

aopHm8x6r2frMM4V

Lmst/p5BnbN6FIkTOM8rEdc=

GE06CTdjgx+Q6ZIV2H8=

EEj/aJNAfnLggR7q56O3833n8g==

iNu4mEHQ21YCng0d

KDEzCTXL1lu2jm76J9XB

75FOp9va+5X90pMaWzhMstYm

dC3913qn0YlNK0+rm3c=

JdWkeCE2aH5uMqzDQikE2IVmsaMbNA==

DXRpMVx9wYHolAeOVjsokL9HyrWX

OhHhPWGIz5DefU+rm3c=

50M3F7hrlnBBTDLKumo4nMY=

Fqq41ivP9XMLaTycqZUCOA==

711EHcp3p3EnLk+rm3c=

LT/fL08ENi0Gi1dYk4bzMQ==

majorcaplanetary.com

Targets

- Target
  
  tmp
- Size
  
  286KB
- MD5
  
  fe37e246c87c62524944da88e8691bc7
- SHA1
  
  50f60f77e1dbea6923bd4792d5c56cf93f9e7e29
- SHA256
  
  8a220fea3dd106a5a5e2ba86ed93c405b8c91dd54a5cf29b4d62994d30c25144
- SHA512
  
  b375520e20cbe51a4b598a4ff3353d90e6728740ada2ae777cb692f65486c30751b496c0b5a3a77f8008939c6c684404587611510fafefab21e0e4def5c2f537
- SSDEEP
  
  6144:PYa6J6aP4SaZAaQuHj3FvLqaiO7Xo1ZN4yfUN7aPpEgh:PY7f4LAaLVvWnO7472C2aP7h
Score

10^/10

formbook xloader u8ow loader persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookxloaderu8owloaderpersistenceratspywarestealertrojan

behavioral2

formbookxloaderu8owloaderpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy