formbook | 3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e | Triage

Submit
Reports

Overview

overview

Static

static

3eaa45b1b7...7e.exe

windows7_x64

3eaa45b1b7...7e.exe

windows10-2004_x64

Sharing

General

Target

3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e
Size

957KB
Sample

220508-gykt9ahae8
MD5

b8623660b1b26ec220e2a37a55e6bd2d
SHA1

0259af6dd86d4fbc6e08664f339c22ee9a21f61b
SHA256

3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e
SHA512

00ccc39be883518d7a1e49a3b3e03816c25c87add553d78cf8ccc693572a9025c1f14d656c96f998d1461d7e22dd8b605d8eb18338c68feace26e3f4e6be28d8

Score

10^/10

formbook modiloader emh persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e.exe

Resource

win7-20220414-en

formbook modiloader emh persistence rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e.exe

Resource

win10v2004-20220414-en

formbook modiloader emh persistence rat spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

emh

Decoy

nispvisaservice.com

nikhigiovani.com

weddingmotions.com

villaorhome.com

tikigolf3d.com

mndesignw.com

jeeugae.com

xn--80ayhfu4d.xn--80asehdb

alpinefall.com

circespa.com

digiqsalon.com

kangzhanxian.com

fourleaftextiles.com

inclusivehealthresearch.com

zhongruiyintai.com

xobowoa.space

tiantipaihangbang.com

friendsofricoelmore.net

abalto.xyz

elisautodetailingllc.com

rodronbein.com

grabngogranny.com

manage-funds.com

ziyong9.xyz

positivelycosy.com

freetimecleaningservices.com

billpollakwritingandediting.com

mastjio.com

thelittleredcraftshack.com

lawyeronlineacademy.com

mgameinfo.com

espacoweb.com

moccustoms.com

freecatsociety.com

elsie24gourmetgrill.com

exyron.xyz

thedreamsachievers.com

marieriksmoen.com

hamarazayaka.com

mentatrain.info

odorfood.com

cinargenerator.com

matsubokkuri-huhu.com

responsible.academy

workspacefor1.com

ukchealth.com

edgecomput.info

serialphilanthropy.com

uptown-accounting.com

computers-atlanta.com

digitplusone.store

gardencontainerbar.com

betteringthehumanexperience.xyz

wxxxtw.com

yuanerkang.club

meditec-s.com

ahazaneim.com

missunderstoodclothing.com

lavenderfarmsboutique.com

aminamaroc.com

covaana.com

cutaboveonline.com

healthcarereservists.com

mariannehoefer-krey.com

bringkyliehome.com

Targets

- Target
  
  3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e
- Size
  
  957KB
- MD5
  
  b8623660b1b26ec220e2a37a55e6bd2d
- SHA1
  
  0259af6dd86d4fbc6e08664f339c22ee9a21f61b
- SHA256
  
  3eaa45b1b77a0f1b92cec746a2923be593a95f5381293533d5a6759c9d03667e
- SHA512
  
  00ccc39be883518d7a1e49a3b3e03816c25c87add553d78cf8ccc693572a9025c1f14d656c96f998d1461d7e22dd8b605d8eb18338c68feace26e3f4e6be28d8
Score

10^/10

formbook modiloader emh persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

formbookmodiloaderemhpersistenceratspywarestealertrojan

behavioral2

formbookmodiloaderemhpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy