formbook

General

Target

2f629a402b16b6b5a6c223d27673a368507e018b6c526aa62815da9493337d7e
Size

227KB
Sample

230612-29a5eaef41
MD5

71cdc8400bfe18811d29425c2a9cb109
SHA1

031f46d4350785dd4d8ad9eaaed3ae8a410f3382
SHA256

2f629a402b16b6b5a6c223d27673a368507e018b6c526aa62815da9493337d7e
SHA512

e019b3fb80112dab79bb6a2ce9d1bf9ba01f44da277d2399b9ae07d667f2601ddb243dd53f1b7495da0d4ee28ec2731d53916d23deb81b6d8ae40670d4c69fed
SSDEEP

3072:HfY/TU9fE9PEtuYbzKJbf9shCvCPBVfoZveo8spMN9g/m2oICCTobMaBB8NAL+6c:/Ya6Ez0bf9oCvCXAZ21sU6mCCVBMQu

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

poub

Decoy

WY0eksfISzRg4O6c+opnGL6gaw==

moRjn9ExtYi8UmUo+Tya

2vME+GedoxzFnuLXesUoVj4=

EvW4JWJ1NQ8nN3tA3SM=

2mK9efMZMgN1VOs=

8d0jua5b0J6AQEW7

/2cyThOd37DSTYMASDye4Q0t/Vs=

ral+tbIh2KKAQEW7

YLY9jsPtYB/FRmMo+Tya

R1WcElWAMtFxFrVqtZT2ZpIS9xRZNho=

KFXGg/T1pCC9GjrxUPTcjw==

8mMlK5nDwjjPFTP5jMtAtQ0t/Vs=

c7am8nhhlCo=

UW91trZj6dENxuRdpxOvW1Cf

sjOMUcvq6lYJCZEfV4euFzY=

62nBgPjdmWQkmWElww==

64E8JqA1aruSUvw=

NqI1reXpcR+REye0

8+y1oOsbjgSyEhjXUPTcjw==

Rx9by8gNBwN1VOs=

Targets

- Target
  
  2f629a402b16b6b5a6c223d27673a368507e018b6c526aa62815da9493337d7e
- Size
  
  227KB
- MD5
  
  71cdc8400bfe18811d29425c2a9cb109
- SHA1
  
  031f46d4350785dd4d8ad9eaaed3ae8a410f3382
- SHA256
  
  2f629a402b16b6b5a6c223d27673a368507e018b6c526aa62815da9493337d7e
- SHA512
  
  e019b3fb80112dab79bb6a2ce9d1bf9ba01f44da277d2399b9ae07d667f2601ddb243dd53f1b7495da0d4ee28ec2731d53916d23deb81b6d8ae40670d4c69fed
- SSDEEP
  
  3072:HfY/TU9fE9PEtuYbzKJbf9shCvCPBVfoZveo8spMN9g/m2oICCTobMaBB8NAL+6c:/Ya6Ez0bf9oCvCXAZ21sU6mCCVBMQu
Score

10^/10

formbook xloader poub loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2