Overview

overview

10

Static

static

win10-standard

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c158e405e3f770859e1adee91a3a0fe2b1bad88

  • Size

    928KB

  • Sample

    221007-aclfbsbbc4

  • MD5

    9ca158156310e44b7ae68632a8236f0d

  • SHA1

    3c158e405e3f770859e1adee91a3a0fe2b1bad88

  • SHA256

    0a2304bcf221a1b1c93983c8e211df1f75e06e2dbd4a5e4b3d536cb24b330159

  • SHA512

    b62eaba1fec994bfa7a8ed3749f5e5074f43f43f506e9343e01cdf8a4d9f6e03386a594270e60887e39709fcda6f2b4d687495ed8ce0719c6e2e3d2a7c24202a

  • SSDEEP

    24576:+Xgr/BEuCNYeA06CG7Dmo/KvouloQHO2XeLoPx1NGe:+XmSLMKfOLoJ

Score
10/10
formbookmodiloaderoeg8persistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oeg8

Decoy

seasonsexpress.net

koncomu.com

kkkb1233.com

blackeventplanners.online

formalbazaar.store

yokoautofilm.com

u603hj200.xyz

ohexpressinc.com

freecryptofaucet.online

beston-counseling.com

collectif.tech

tmtvr.com

giedovandergarde.net

onlinefurnituremail.com

relyon-foodtech.com

barber-smile.com

cornerstoreweb.com

vyascreation.com

boutique-sale.com

reimer-bau.com

Targets

    • Target

      3c158e405e3f770859e1adee91a3a0fe2b1bad88

    • Size

      928KB

    • MD5

      9ca158156310e44b7ae68632a8236f0d

    • SHA1

      3c158e405e3f770859e1adee91a3a0fe2b1bad88

    • SHA256

      0a2304bcf221a1b1c93983c8e211df1f75e06e2dbd4a5e4b3d536cb24b330159

    • SHA512

      b62eaba1fec994bfa7a8ed3749f5e5074f43f43f506e9343e01cdf8a4d9f6e03386a594270e60887e39709fcda6f2b4d687495ed8ce0719c6e2e3d2a7c24202a

    • SSDEEP

      24576:+Xgr/BEuCNYeA06CG7Dmo/KvouloQHO2XeLoPx1NGe:+XmSLMKfOLoJ

    Score
    10/10
    formbookmodiloaderoeg8persistenceratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Formbook payload

      rat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks