formbook | 468f20a351d3ca67038276934cb154c856d06a707e28feda2f64d6770bc93302 | Triage

Sharing

General

Target

Pywofcgeqebadvfrqnascbjqjrjuompfxk.exe
Size

788KB
Sample

220116-w3hb9agbeq
MD5

6616838e56173d87612636d63797a3d8
SHA1

8b12d9623c74bdee8b4c18f9c88a7667618ec64c
SHA256

468f20a351d3ca67038276934cb154c856d06a707e28feda2f64d6770bc93302
SHA512

16645b97991b3ce4d1c9297823407c1c759d5a39511aa174ccb40544f433175f759369c2ad81e2f85b6fb288bc89b152129fb4f390a11909eb542c00b0cddb81

Score

10^/10

formbook modiloader gmfe persistence rat spyware stealer suricata trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gmfe

Decoy

boldaerospace.com

oleeoe.com

aucreuxducoeur.one

fatbellytonic.com

newfrontiermining.net

iphone13promax.guide

meltingpotspot.com

zuinigerijder.com

sigmagrup.com

thehekadivine.com

once-only.online

variouselectricianservice.com

xn--oy2b9rj5qfzo85aro.com

wuzuiso.com

inoutinsurance.xyz

company-intel.net

apppromaguginybuo.com

st666.tech

k-reborn-okayama.com

realteenpattix.com

Targets

- Target
  
  Pywofcgeqebadvfrqnascbjqjrjuompfxk.exe
- Size
  
  788KB
- MD5
  
  6616838e56173d87612636d63797a3d8
- SHA1
  
  8b12d9623c74bdee8b4c18f9c88a7667618ec64c
- SHA256
  
  468f20a351d3ca67038276934cb154c856d06a707e28feda2f64d6770bc93302
- SHA512
  
  16645b97991b3ce4d1c9297823407c1c759d5a39511aa174ccb40544f433175f759369c2ad81e2f85b6fb288bc89b152129fb4f390a11909eb542c00b0cddb81
Score

10^/10

formbook modiloader gmfe persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- ModiLoader First Stage
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookmodiloadergmfepersistenceratspywarestealersuricatatrojan