formbook

General

Target

99f14b23168805c8860a21de598c95f8e28cd75b
Size

721KB
Sample

220114-mh6dxafhek
MD5

91afb771acd23304827f4dca829e360d
SHA1

99f14b23168805c8860a21de598c95f8e28cd75b
SHA256

cab5f50e805b3a36e0ea6cf84c40b4b90e372fcd2f3f1024664af5440282d496
SHA512

686eec9ade39a4cdc638d56259911c8908b115f826f6eb0516f91289dfe64994b0418f72827d55cd59872bb73f1abc0e2c1e347bff5bd47f217be0905f31a42d

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

su4h

Decoy

groovygorditas.com

mrcandywholesale.com

beer-nuts.xyz

its-choke.store

officefurnitureinteriors.com

nkdbetta.online

destocksol.com

sustainability-magazine.online

medilamwellness.com

buildersdesignservices.net

jaicraquemacombi.net

cglvyoxu.com

pid-solutions.com

lgldesignstories.com

willamsbrian91.xyz

jockstaffing.com

delhipathlab.com

fiat126.info

gardiropaskisi.com

lz-jaini1615-hw0916-bs.xyz

Targets

- Target
  
  99f14b23168805c8860a21de598c95f8e28cd75b
- Size
  
  721KB
- MD5
  
  91afb771acd23304827f4dca829e360d
- SHA1
  
  99f14b23168805c8860a21de598c95f8e28cd75b
- SHA256
  
  cab5f50e805b3a36e0ea6cf84c40b4b90e372fcd2f3f1024664af5440282d496
- SHA512
  
  686eec9ade39a4cdc638d56259911c8908b115f826f6eb0516f91289dfe64994b0418f72827d55cd59872bb73f1abc0e2c1e347bff5bd47f217be0905f31a42d
Score

10^/10

modiloader trojan formbook su4h persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook Payload
  rat
- ModiLoader First Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Install Root Certificate

1

T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook Payload

ModiLoader First Stage

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2