formbook

General

Target

Copia bancaria de swift.exe
Size

1.0MB
Sample

210409-nqbmczzqas
MD5

dbffe45209268fceb4ef853ade60e906
SHA1

4e88dcead800dfd98e92c6c2d1ae8f83f398b1ae
SHA256

fc1f23fd25b2eeb98a872bd0152b891d505e06e56db8f270b1e2a52462a6ecc8
SHA512

53a4bca8966a6472fb791a30d494d4b9b55d19901feb05439d5fa93138461715ed8dc51459bfe8645493484dce4bc6ae5801fb73cede1a33fe71584482075e7e

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.joomlas123.info/3nop/

Decoy

bakecakesandmore.com

shenglisuoye.com

chinapopfactory.com

ynlrhd.com

liqourforyou.com

leonqamil.com

meccafon.com

online-marketing-strategie.biz

rbfxi.com

frseyb.info

leyu91.com

hotsmail.today

beepot.tech

dunaemmetmobility.com

sixpenceworkshop.com

incrediblefavorcoaching.com

pofo.info

yanshudaili.com

yellowbrickwedding.com

paintpartyblueprint.com

Targets

- Target
  
  Copia bancaria de swift.exe
- Size
  
  1.0MB
- MD5
  
  dbffe45209268fceb4ef853ade60e906
- SHA1
  
  4e88dcead800dfd98e92c6c2d1ae8f83f398b1ae
- SHA256
  
  fc1f23fd25b2eeb98a872bd0152b891d505e06e56db8f270b1e2a52462a6ecc8
- SHA512
  
  53a4bca8966a6472fb791a30d494d4b9b55d19901feb05439d5fa93138461715ed8dc51459bfe8645493484dce4bc6ae5801fb73cede1a33fe71584482075e7e
Score

10^/10

formbook modiloader persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

3

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook Payload

Adds policy Run key to start application

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2