General

  • Target

    SecuriteInfo.com.generic.ml.11693.19794

  • Size

    1MB

  • Sample

    220706-c5akmsfhbq

  • MD5

    b7e7dbddbf21cffd9bc1c8dc94d4a441

  • SHA1

    f224aa8a1b6fcc26c1ebce42166529191381abd5

  • SHA256

    c8fc44d1f9bae45933ba95a20f0aebf0e69f8304ea11a4346e610dfacc8ce049

  • SHA512

    72caa05fd9bb53057ecc0beb0a48505901c1d1f6d76394e3340f4ba9daaf472f95a760634a4943858821b41e2ae887f0ac76aa667c5d4fba72436f0d3f20dc67

Malware Config

Targets

    • Target

      SecuriteInfo.com.generic.ml.11693.19794

    • Size

      1MB

    • MD5

      b7e7dbddbf21cffd9bc1c8dc94d4a441

    • SHA1

      f224aa8a1b6fcc26c1ebce42166529191381abd5

    • SHA256

      c8fc44d1f9bae45933ba95a20f0aebf0e69f8304ea11a4346e610dfacc8ce049

    • SHA512

      72caa05fd9bb53057ecc0beb0a48505901c1d1f6d76394e3340f4ba9daaf472f95a760634a4943858821b41e2ae887f0ac76aa667c5d4fba72436f0d3f20dc67

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

    • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

      suricata: ET MALWARE FormBook CnC Checkin (POST) M2

    • ModiLoader Second Stage

    • Xloader Payload

    • Adds policy Run key to start application

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Tasks