formbook

General

Target

SecuriteInfo.com.W32.Formbook.AA.tr.17194.exe
Size

975KB
Sample

220916-nc5e4affb8
MD5

5c5f6418364d135500080bcbaecf1be1
SHA1

718544eece57175e5d34e8f2c02264ffd08cc98a
SHA256

44db6b3b48500386767c3b65e1ccc784a41108486ff999a8d3be6e97b828ab87
SHA512

3484ab14148aa6b370dc1f789e6e5b0fcb54ef7bda2f0d73bb701c7acc03fc61afb106b15d57f8332a4359331abf080e0cdf42ee0dfb52e0f72b36203c3bd90f
SSDEEP

12288:Mi8HjEB1mpzdFnoIvtUg2jIEsnciI50wv2ykDooyZGbR48yArhf7fvqd2222222P:MvD+mpzdCIvtUjmnzfXooX48yAlv

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

od65

Decoy

vWv++sZuMcvF33G4l6XP9EZPtA==

t5BN04mkc6x7eQtgS2Cny1c74wh2JQ==

ZTwBHxvcOi/zDyg=

HwPQCRbYNSbYx9YwkxE7M8jD

zrZ7kYRUKtRvsNwuQoroFy2XBerx1ZfW

x5kgkNmETMWdsMcOWt8=

U0nl/edTCD8CML781w==

eC3RNeH20QR4+QB6

p41iGJpixNsjiSetfNP4Xw==

EgiwGUUP9OJdsjqZh4WLohiTERg=

vKx/M5lOHMDiAarHuukJ

im4Rsi5OGk2Qv9cjI2fC+gReNuXeksU=

dynF4YrQWXXHLMxHG1yVAZNvIO/x1ZfW

5pYrnPK8nt07O4mUm9c=

+tdo4GF+OlqJwtwXcP9Da1H1sBA=

zaoxtveyMFwVVFy/GaHFTfl3EbqsGInQ

Dth/Hns1tuE1cJwjk1SkP0w74wh2JQ==

9LJY/i/hzC/zDyg=

/eZh3RKaXKLXGG1kvkZs5m4=

o31J4w2cWOhJP4mUm9c=

Targets

- Target
  
  SecuriteInfo.com.W32.Formbook.AA.tr.17194.exe
- Size
  
  975KB
- MD5
  
  5c5f6418364d135500080bcbaecf1be1
- SHA1
  
  718544eece57175e5d34e8f2c02264ffd08cc98a
- SHA256
  
  44db6b3b48500386767c3b65e1ccc784a41108486ff999a8d3be6e97b828ab87
- SHA512
  
  3484ab14148aa6b370dc1f789e6e5b0fcb54ef7bda2f0d73bb701c7acc03fc61afb106b15d57f8332a4359331abf080e0cdf42ee0dfb52e0f72b36203c3bd90f
- SSDEEP
  
  12288:Mi8HjEB1mpzdFnoIvtUg2jIEsnciI50wv2ykDooyZGbR48yArhf7fvqd2222222P:MvD+mpzdCIvtUjmnzfXooX48yAlv
Score

10^/10

formbook modiloader od65 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Install Root Certificate

1

T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

ModiLoader Second Stage

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2