formbook

General

Target

120fa64f85b894d98a09843a4e0fe81a.exe
Size

782KB
Sample

221128-j79k3shd36
MD5

120fa64f85b894d98a09843a4e0fe81a
SHA1

cccd0142f24a8939dd22d7176bafeeb60ffa67ae
SHA256

503d324cb44c441dafaabdec1455afe9a320cfceaa346198050f3ffad7c6aa8a
SHA512

ae9d4b1e7f539b90684207731ccf46b4500928957a10ccef75384149d15168d9980be6c6575a28199abb04294661cd97d1be6715a6f6941d2b222e2a94833793
SSDEEP

12288:9mHYsrAQMj7JP2cAmYOKe2ncjOQZlRDFHNFap4nruadYaeLw2Y:s4ZljB2tOUAOQZlZ1Hap4nya6RxY

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

slot999.site

hagsahoy.com

howdyart.com

orders-marketplace.com

ranaa.email

masterlink.guru

archershut.com

weikumcommunications.com

dphardmoney.com

shjyutie.com

vivaberlin.net

mycto.today

curvygirlugc.com

otnmp.cfd

alwrists.com

propercandlecompany.com

allindustry-bg.com

theyoungbizacademy.com

expand658170.com

leslainesdumouchon.com

Targets

- Target
  
  120fa64f85b894d98a09843a4e0fe81a.exe
- Size
  
  782KB
- MD5
  
  120fa64f85b894d98a09843a4e0fe81a
- SHA1
  
  cccd0142f24a8939dd22d7176bafeeb60ffa67ae
- SHA256
  
  503d324cb44c441dafaabdec1455afe9a320cfceaa346198050f3ffad7c6aa8a
- SHA512
  
  ae9d4b1e7f539b90684207731ccf46b4500928957a10ccef75384149d15168d9980be6c6575a28199abb04294661cd97d1be6715a6f6941d2b222e2a94833793
- SSDEEP
  
  12288:9mHYsrAQMj7JP2cAmYOKe2ncjOQZlRDFHNFap4nruadYaeLw2Y:s4ZljB2tOUAOQZlZ1Hap4nya6RxY
Score

10^/10

modiloader trojan formbook 3nop persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

ModiLoader Second Stage

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2