formbook

General

Target

Jpcobmxenkifocexvfhjaqibxbbcwurkhq.exe
Size

681KB
Sample

220127-rykvcsecfl
MD5

b153fee758de5ba2af6f6b2ca4ea5cd8
SHA1

fb7309a6c4d10704ae202865b090d784906db2ab
SHA256

662c7dc1c6b6fbc7cb4622876c0b0b2a42dba7081adede8a65182aef085f7082
SHA512

6481414688630169f0c83ad7a93eb461e279bdf0320abc197e17a28b1d94c0be2a7a434a1a4f9de7996fd9298dfdf05ac1e6424beb558f67d431bd1fa80924d7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gmfe

Decoy

boldaerospace.com

oleeoe.com

aucreuxducoeur.one

fatbellytonic.com

newfrontiermining.net

iphone13promax.guide

meltingpotspot.com

zuinigerijder.com

sigmagrup.com

thehekadivine.com

once-only.online

variouselectricianservice.com

xn--oy2b9rj5qfzo85aro.com

wuzuiso.com

inoutinsurance.xyz

company-intel.net

apppromaguginybuo.com

st666.tech

k-reborn-okayama.com

realteenpattix.com

Targets

- Target
  
  Jpcobmxenkifocexvfhjaqibxbbcwurkhq.exe
- Size
  
  681KB
- MD5
  
  b153fee758de5ba2af6f6b2ca4ea5cd8
- SHA1
  
  fb7309a6c4d10704ae202865b090d784906db2ab
- SHA256
  
  662c7dc1c6b6fbc7cb4622876c0b0b2a42dba7081adede8a65182aef085f7082
- SHA512
  
  6481414688630169f0c83ad7a93eb461e279bdf0320abc197e17a28b1d94c0be2a7a434a1a4f9de7996fd9298dfdf05ac1e6424beb558f67d431bd1fa80924d7
Score

10^/10

formbook modiloader gmfe persistence rat spyware stealer suricata trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Formbook Payload
  rat
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload

ModiLoader Second Stage

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2