formbook

General

Target

a6a9a1b63360b3ea785f6de90cdd09f12063ad19d218c25a18d6ac0b31ca0de9
Size

356KB
Sample

241121-yrzhhazrdr
MD5

f979d3ea8b8b55b3b459cbd6c74379ae
SHA1

d98498a71f15e2b9b48c60c16e0e7caf90e0dfaa
SHA256

a6a9a1b63360b3ea785f6de90cdd09f12063ad19d218c25a18d6ac0b31ca0de9
SHA512

5d85db2b71bf5f3b7c0a09be716414b9f4af8dd9e658360e09f29d71159d2f24acc90a053c4b2238066bcd673e8e2a4ccd48cf97d3008cea0f550220e9ea0611
SSDEEP

6144:6c5W3P7K6t2i0zB+itODaLO/weQ+hQhe2hmHAEin2BcsUjJ6PDSANh0iXx3oER:6qAfkoDayIeQ+hkmgEyvoOEOiXiq

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

zzun

Decoy

JnNtRHyNupy0GqRzAcasu7hb4rc=

Qv593NGLE7p9UNSaVkPXljAJm2QCNnc=

ePArIFWvjkkMgVEVhw4M4Jk=

26rqUwJ7dD0AiDI=

pBAxMHeK741QFw==

kHD7TPt5846pUMTX

56UnjFjHL1i0j659h3LymRnHpQj+SshC

4vKlKHflPqmWXRbrRwfPtrhb4rc=

6LBd4qButFAi

phMzGll8Ue7Fu+inq5cdnPaSugG3

NKswiQGCvZoG5FgsdHEI

rtTHnuUY8M1qVcXV

SOmECrlAt2oGAA==

L1ep9adutFAi

/UE+/AyvE6uEl28weFI=

IP+xMPQxJR4NE6TK

xvW5GN9/rqA5YUoOVt185Sf7Uw==

fRFNW9DhxL6VF7LA

KFYTfkaY741QFw==

W4JGvMBmt2oGAA==

Extracted

Family

xloader

Version

2.9

Campaign

zzun

Decoy

JnNtRHyNupy0GqRzAcasu7hb4rc=

Qv593NGLE7p9UNSaVkPXljAJm2QCNnc=

ePArIFWvjkkMgVEVhw4M4Jk=

26rqUwJ7dD0AiDI=

pBAxMHeK741QFw==

kHD7TPt5846pUMTX

56UnjFjHL1i0j659h3LymRnHpQj+SshC

4vKlKHflPqmWXRbrRwfPtrhb4rc=

6LBd4qButFAi

phMzGll8Ue7Fu+inq5cdnPaSugG3

NKswiQGCvZoG5FgsdHEI

rtTHnuUY8M1qVcXV

SOmECrlAt2oGAA==

L1ep9adutFAi

/UE+/AyvE6uEl28weFI=

IP+xMPQxJR4NE6TK

xvW5GN9/rqA5YUoOVt185Sf7Uw==

fRFNW9DhxL6VF7LA

KFYTfkaY741QFw==

W4JGvMBmt2oGAA==

Targets

- Target
  
  b08be63af3754f6970336f0f5c751271233d253f0195d2ed8293e50679c18004.exe
- Size
  
  432KB
- MD5
  
  e807bcfa922ddd60a6c8e85c441c576b
- SHA1
  
  f2a2cafc8f9efe1b5d49bcf3cadedc87ea416dac
- SHA256
  
  b08be63af3754f6970336f0f5c751271233d253f0195d2ed8293e50679c18004
- SHA512
  
  6da74e49eaac931a22cfbf33851b5f450c067d445a7434fb4a703db85df55830f8ca046c03418fd4ddc9227a62fbf726805a6fb5ddf39647380633771b8fcfac
- SSDEEP
  
  12288:n+jAiWbrrhAIrzN4f/Q1EZB6bi+pOaWeeJjTJ:+A1zN4nQaZB3xewTJ
Score

10^/10

formbook xloader zzun discovery loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Formbook family

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2