In-depth analysis of Formbook/Xloader v7.1
Tags
attack-pattern: Data Clipboard Data - T1414; Credentials - T1589.001; Malware - T1587.001; Malware - T1588.001; Software - T1592.002; Tool - T1588.002; Clipboard Data - T1115
Common Information
Type | Value |
---|---|
UUID | 0fbe6002-38ff-4517-9998-727f58a4e6a3 |
Fingerprint | c1498b3e5975a92 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Nov. 5, 2024, 3:50 p.m. |
Added to db | Nov. 5, 2024, 5:35 p.m. |
Last updated | Nov. 17, 2024, 6:54 p.m. |
Headline | In-depth analysis of Formbook/Xloader v7.1 |
Title | In-depth analysis of Formbook/Xloader v7.1 |
Detected Hints/Tags/Attributes | 65/1/40 |
Source URLs
URL Provider
RSS Feed
Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
171 | ✔ | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08 |
172 | ✔ | Reverse Engineering on Medium | https://medium.com/feed/tag/reverse-engineering | 2024-08-30 22:08 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 1 | | ryan-weil.github.io |
Domain | 12 | | www.sqlite.org |
Domain | 1 | | sqlite-dll-win32-x86-3080300.zip |
File | 533 | | ntdll.dll |
File | 71 | | nss3.dll |
File | 25 | | nspr4.dll |
File | 86 | | ole32.dll |
File | 291 | | user32.dll |
File | 20 | | sspicli.dll |
File | 4 | | browser.dll |
File | 83 | | crypt32.dll |
File | 185 | | shell32.dll |
File | 1 | | dragon_s.dll |
File | 229 | | advapi32.dll |
File | 748 | | kernel32.dll |
File | 23 | | vaultcli.dll |
File | 3 | | winsqlite3.dll |
File | 104 | | sqlite3.dll |
File | 76 | | gdi32.dll |
File | 33 | | gdiplus.dll |
File | 11 | | www.sql |
File | 1 | | sqlite-dll-win32-x86-3080300.zip |
File | 83 | | sbiedll.dll |
File | 21 | | write.exe |
File | 249 | | schtasks.exe |
File | 11 | | finger.exe |
File | 11 | | sfc.exe |
File | 11 | | iexpress.exe |
File | 8 | | rasautou.exe |
File | 8 | | choice.exe |
File | 63 | | bitsadmin.exe |
File | 3 | | relog.exe |
File | 4 | | tcpsvcs.exe |
File | 2 | | msfeedssync.exe |
File | 380 | | notepad.exe |
File | 1260 | | explorer.exe |
File | 64 | | logins.json |
Url | 1 | | https://ryan-weil.github.io/posts/agent-tesla-1/. |
Url | 1 | | http://www.sqlite.org/2014/sqlite-dll-win32-x86-3080300.zip |
Windows Registry Key | 49 | | HKLM\Software\Microsoft\Windows |