formbook | 0823db6cc251f5500ccb441b6751132721b188a9b622d6fa859ee37149bff324 | Triage

Submit
Reports

Overview

overview

Static

static

Angebot bestellen.exe

windows7_x64

Angebot bestellen.exe

windows10_x64

Sharing

General

Target

Angebot bestellen.exe
Size

1.7MB
Sample

200821-5zs2pppeq6
MD5

32165a044899184c6231b9a194d729e3
SHA1

2b1b1e1ef64c1e150ba43d8fb4d59ae9fd74e68e
SHA256

0823db6cc251f5500ccb441b6751132721b188a9b622d6fa859ee37149bff324
SHA512

cfd478382375a07d298d12775e7e66b3efbee9d5736f735e830e14520ece1b2215b3e2e392ad27a291bd2720981183cde40ef87af07f946dcba894286b7b75c7

Score

10^/10

formbook modiloader persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Angebot bestellen.exe

Resource

win7

rat persistence trojan modiloader spyware stealer formbook

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Angebot bestellen.exe

Resource

win10

rat persistence spyware trojan modiloader stealer formbook

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

C2

http://www.joomlas123.info/n7ak/

Decoy

audereventur.com

huro14.com

wwwjinsha155.com

antiquevendor.com

samuraisoulfood.net

traffic4updates.download

hypersarv.com

rapport-happy-wedding.com

rokutechnosupport.online

allworljob.com

hanaleedossmann.com

kauai-marathon.com

bepbosch.com

kangen-international.com

zoneshopemenowz.com

belviderewrestling.com

ipllink.com

sellingforcreators.com

wwwswty6655.com

qtumboa.com

bazarmoney.net

librosdecienciaficcion.com

shopmomsthebomb.com

vanjacob.com

tgyaa.com

theporncollective.net

hydrabadproperties.com

brindesecologicos.com

sayagayrimenkul.net

4btoken.com

shycedu.com

overall789.top

maison-pierre-bayle.com

elitemediamasters.com

sharmasfabrics.com

hoshamp.com

myultimateleadgenerator.com

office4u.info

thaimart1.com

ultimatewindowusa.com

twoblazesartworks.com

airteloffer.com

shoupaizhao.com

741dakotadr.info

books4arab.net

artedelcioccolato.biz

tjqcu.info

teccoop.net

maturebridesdressguide.com

excelcapfunding.com

bitcoinak.com

profileorderflow.com

unbelievabowboutique.com

midlandshomesolutionsltd.com

healthywithhook.com

stirlingpiper.com

manfast.online

arikorin.com

texastrustedinsurance.com

moodandmystery.com

yh77808.com

s-immotanger.com

runzexd.com

meteoannecy.net

Targets

- Target
  
  Angebot bestellen.exe
- Size
  
  1.7MB
- MD5
  
  32165a044899184c6231b9a194d729e3
- SHA1
  
  2b1b1e1ef64c1e150ba43d8fb4d59ae9fd74e68e
- SHA256
  
  0823db6cc251f5500ccb441b6751132721b188a9b622d6fa859ee37149bff324
- SHA512
  
  cfd478382375a07d298d12775e7e66b3efbee9d5736f735e830e14520ece1b2215b3e2e392ad27a291bd2720981183cde40ef87af07f946dcba894286b7b75c7
Score

10^/10

rat persistence trojan modiloader spyware stealer formbook
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook Payload
  rat
- ModiLoader First Stage
- ModiLoader Second Stage
- Adds policy Run key to start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ratpersistencetrojanmodiloaderspywarestealerformbook

behavioral2

ratpersistencespywaretrojanmodiloaderstealerformbook

© 2018-2024

Terms | Privacy