formbook

General

Target

4b2e593addbb89b981e8b3d9ead6cb2bbafd646a620942803c268aeb51a6f773
Size

976KB
Sample

221130-wcnfksbg37
MD5

72d3cb6dec38a72bb9996cf50f9ca152
SHA1

fc0094507beca86633a2ff012a91d9e54a058c0d
SHA256

4b2e593addbb89b981e8b3d9ead6cb2bbafd646a620942803c268aeb51a6f773
SHA512

b3f1e45494120de1b50b7497f5ffa9f3ec105fdc3928d6951f8194a5c427d980d03c062d75f068714eb7540715e85aebf33211dafc9b6bdfaa8ac2207ee9214a
SSDEEP

12288:Rt1rtR29DwSwNy6ZgFwg0jPacng2WnAH+QIMYHCoDaMycZ+rfF8hWf:RnxhSwNy6eFGC+jv+QIPHtDocoJf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

yko3

Decoy

marathonpetrolevm.com

starakonoba.com

serenemaldives.com

molinahealthacre.com

tesetturhane.com

szmyjq.com

souiti-stone1.com

lxgnu-jcpm.xyz

outercolitis.life

zebzecim.xyz

dynamic-guard.com

sabzifrosh.com

aimm2.com

ancientroots-healing.com

isp.coffee

selfsolution-session.com

cpcsnesscity.com

wwwcaresact.com

managementskillsdaily.com

oficialforclean.com

Targets

- Target
  
  4b2e593addbb89b981e8b3d9ead6cb2bbafd646a620942803c268aeb51a6f773
- Size
  
  976KB
- MD5
  
  72d3cb6dec38a72bb9996cf50f9ca152
- SHA1
  
  fc0094507beca86633a2ff012a91d9e54a058c0d
- SHA256
  
  4b2e593addbb89b981e8b3d9ead6cb2bbafd646a620942803c268aeb51a6f773
- SHA512
  
  b3f1e45494120de1b50b7497f5ffa9f3ec105fdc3928d6951f8194a5c427d980d03c062d75f068714eb7540715e85aebf33211dafc9b6bdfaa8ac2207ee9214a
- SSDEEP
  
  12288:Rt1rtR29DwSwNy6ZgFwg0jPacng2WnAH+QIMYHCoDaMycZ+rfF8hWf:RnxhSwNy6eFGC+jv+QIPHtDocoJf
Score

10^/10

formbook modiloader yko3 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

ModiLoader Second Stage

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2