formbook

General

Target

WZ454554.lzh
Size

329KB
Sample

220114-hxpbqaehc5
MD5

f4303e4483fa1d6cbf365fb1befd6bc6
SHA1

16215835670ee0b1a99f645e0de1fb63383ba5e8
SHA256

131829267d961b293b209aaebff3c35ff67e9124365779396ba8f983362cd63f
SHA512

cd0d476d417046248f405196140c960c989ab2bb30c8a691579272af409b115ec3c0d0c1e23dd448607ce731fbfe9090d6e89161ad7143956efd124beba4caab

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m9g2

Decoy

pubgnewstatedl.com

guidedwaveradar.com

onlineexitpoll.com

mutationdesign.com

p60p.com

xhcaijing.com

skpcart.store

houseathomes.com

thenorthdale.com

kvkkkararozetleri.com

formecondominium.com

7808lll.com

mitchfletcher.com

thatsawrapfl.com

glrinternationalfzco.com

dbmxkgek.com

feelingfancy.com

nishieihuku.com

newearthhg.com

tenlog040.xyz

Targets

- Target
  
  WZ454554.exe
- Size
  
  788KB
- MD5
  
  58b39c2620cdda3d3fa6a125f476fc9f
- SHA1
  
  5d2672c79e9dffb2cdeee0d00e406c03c762985c
- SHA256
  
  fdf39d043cc55d6a72b1fe01c9067bb7591d5c379798499148521e6158afeea0
- SHA512
  
  98e5dd2734fd7ac0515e834f0afc817de1135503c493c3037f6f1e60c070e24e2f34c53ed08a215affd2f3add1e79cc0e6559c9a02c4431b40c2c6b1a89a522f
Score

10^/10

formbook modiloader m9g2 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook Payload
  rat
- ModiLoader First Stage
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook Payload

ModiLoader First Stage

Reads user/profile data of web browsers

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2