formbook

General

Target

Zdgmvfcqtfvafchobtmhsprgqnvazumhuq.exe
Size

928KB
Sample

220816-larp4saab8
MD5

56397a4e0e681c217aeb81677cba1b49
SHA1

2cdf7120453fdfab33614c259c9a5fcebffc96c7
SHA256

06d75de3031e1429046bb404d0127f91737fae6178bc43bc06f7428a65c85572
SHA512

420b11f6bc0e8c7684ca5f4a267640093c86b84c242d10881706e1697648c356643d01ff27f98dc3413ba8786efdc63b1c95501f6f826692939ebc277c44d81d

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o2e7

Decoy

genvivwink.com

paramotos.space

bolsanoir.com

techblog.asia

seophreak.com

agitationt.net

jenniferlearmontcelebrant.com

biggsales.space

barkerprintsolutions.com

jesuspatriot.com

clinicaamadeolosmochis.com

lowbackpaindecoded.com

mumbaimasjid.com

masooliflourmillers.com

incopetent.com

andresramosweb.com

betonamubukkyoshinjakai.com

pukimail.net

erohlimitcrown.site

bodogegarden.com

Targets

- Target
  
  Zdgmvfcqtfvafchobtmhsprgqnvazumhuq.exe
- Size
  
  928KB
- MD5
  
  56397a4e0e681c217aeb81677cba1b49
- SHA1
  
  2cdf7120453fdfab33614c259c9a5fcebffc96c7
- SHA256
  
  06d75de3031e1429046bb404d0127f91737fae6178bc43bc06f7428a65c85572
- SHA512
  
  420b11f6bc0e8c7684ca5f4a267640093c86b84c242d10881706e1697648c356643d01ff27f98dc3413ba8786efdc63b1c95501f6f826692939ebc277c44d81d
Score

10^/10

formbook modiloader o2e7 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Install Root Certificate

1

T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2