General

  • Target

    b7c538f7a55205b1d94b528a0961e90fe2925c8d

  • Size

    832KB

  • Sample

    210909-q5976agcc6

  • MD5

    a29c5bafd39c7074bd83fcf41f7e9996

  • SHA1

    b7c538f7a55205b1d94b528a0961e90fe2925c8d

  • SHA256

    50bcdce0a0f2c82bdb673e97e305b9e698d5d6e5482ce9412ba21166c6b8d904

  • SHA512

    98a3e2c7d645bdb9c4b272da92edb515de652604d373c8215a619e063f78b1da306ab92629f9581ca1c4c9abe92e2319b34d703b66b3c4bdb743854e3ef39fc3

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

C2

http://www.jakesplacebarbers.com/3nop/

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

    • Target

      b7c538f7a55205b1d94b528a0961e90fe2925c8d

    • Size

      832KB

    • MD5

      a29c5bafd39c7074bd83fcf41f7e9996

    • SHA1

      b7c538f7a55205b1d94b528a0961e90fe2925c8d

    • SHA256

      50bcdce0a0f2c82bdb673e97e305b9e698d5d6e5482ce9412ba21166c6b8d904

    • SHA512

      98a3e2c7d645bdb9c4b272da92edb515de652604d373c8215a619e063f78b1da306ab92629f9581ca1c4c9abe92e2319b34d703b66b3c4bdb743854e3ef39fc3

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Formbook Payload

    • Adds policy Run key to start application

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

2
T1060

Defense Evasion

Modify Registry

3
T1112

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Tasks