formbook

General

Target

Scan 25112020 pdf.exe
Size

1.1MB
Sample

201125-qxj4q5t8ns
MD5

3bf7d6e52f705caf7c60c80f3924b6a5
SHA1

02f8bbb4c029ab6f87deff90c7d4617fbca5b493
SHA256

894f564c6c023c4baf66d72f13578bbfcd992b21f42f3f732887933d438ddbb7
SHA512

9a0630f62b593653c4cb96eb32fed3f284f9c139cc503ae21b228dd11854b2736d1e7900d3273a72cf27d0518cddaf0fa4e57aba3b4779c267a92686060827e9

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.lupipins.com/cxs/

Decoy

hempfor.pro

jadavjilalji.com

parekhbrothersjewellers.com

soapsandcandle.com

slingshotde.com

alidesiro.com

78500975.xyz

mindfx.club

miyashita-geka-2.com

thescentofstyle.com

collegiatecoronavirus.com

techewa.com

liteletherapy.com

mbenguist.com

divorcetemeculalawyer.com

halostreams.net

brutus1.com

thenewdadbody.com

coppermines.net

henryciencias.com

Targets

- Target
  
  Scan 25112020 pdf.exe
- Size
  
  1.1MB
- MD5
  
  3bf7d6e52f705caf7c60c80f3924b6a5
- SHA1
  
  02f8bbb4c029ab6f87deff90c7d4617fbca5b493
- SHA256
  
  894f564c6c023c4baf66d72f13578bbfcd992b21f42f3f732887933d438ddbb7
- SHA512
  
  9a0630f62b593653c4cb96eb32fed3f284f9c139cc503ae21b228dd11854b2736d1e7900d3273a72cf27d0518cddaf0fa4e57aba3b4779c267a92686060827e9
Score

10^/10

formbook modiloader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook Payload
  rat
- ModiLoader First Stage
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook Payload

ModiLoader First Stage

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2