formbook

General

Target

Jljvzkwkajrxpwstjmkmcplxflanzapxsi.exe
Size

1.1MB
Sample

220811-ggayqadfc8
MD5

619ce11794a336a36f03a90866b032a2
SHA1

5d54cad65c1738756c3af8bb73a304d6ac7ed515
SHA256

c7046054dfa14ba59f91b14d7039a7d4bff88e62cb0b9bfaf6b3eb247662d5ce
SHA512

ec796899434d7413187e99637fa7b6d2648aaa6002409aea4d50389baf957b070e48e1c557209946e7c4db0b72c0b55a5c73318ed1e4c68f55ffec601c9f6aa2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o2e7

Decoy

genvivwink.com

paramotos.space

bolsanoir.com

techblog.asia

seophreak.com

agitationt.net

jenniferlearmontcelebrant.com

biggsales.space

barkerprintsolutions.com

jesuspatriot.com

clinicaamadeolosmochis.com

lowbackpaindecoded.com

mumbaimasjid.com

masooliflourmillers.com

incopetent.com

andresramosweb.com

betonamubukkyoshinjakai.com

pukimail.net

erohlimitcrown.site

bodogegarden.com

Targets

- Target
  
  Jljvzkwkajrxpwstjmkmcplxflanzapxsi.exe
- Size
  
  1.1MB
- MD5
  
  619ce11794a336a36f03a90866b032a2
- SHA1
  
  5d54cad65c1738756c3af8bb73a304d6ac7ed515
- SHA256
  
  c7046054dfa14ba59f91b14d7039a7d4bff88e62cb0b9bfaf6b3eb247662d5ce
- SHA512
  
  ec796899434d7413187e99637fa7b6d2648aaa6002409aea4d50389baf957b070e48e1c557209946e7c4db0b72c0b55a5c73318ed1e4c68f55ffec601c9f6aa2
Score

10^/10

formbook modiloader o2e7 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

Checks computer location settings

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2