formbook

General

Target

4F34D9D62EA693A2D4C599B4757C51967D87F9FEB22BDBB374B1C200FBB17A26
Size

252KB
Sample

230314-rvzjcahh7z
MD5

1a93da7ec213f2cbe81ceeb1fad95ff5
SHA1

d3ca8b063f685c5c26668a1f6c3e602f0a13e878
SHA256

4f34d9d62ea693a2d4c599b4757c51967d87f9feb22bdbb374b1c200fbb17a26
SHA512

b19ad4f8638bc0c5a7fae39f49207e7ea44a2673e68d1cf3f67c7423ca38e82d73f1c8fae131149e01b86fb3a72fca8c578b9cc5a5e305bb223ae2c40b645c39
SSDEEP

6144:8o76OBC/M60btM/XRcehZ1hbXjvgQ8AtOXbuLHmq:puCCEtO5hZ1hbD3jOL4HP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p6rd

Decoy

tractionjet.com

safaritraffic.website

tasmok.com

xmjeans.com

buybestdildos.com

erwewewcsds.com

streetfonia.com

forgrat.xyz

lonsop.com

canyonvilletigers.com

italiangpt.com

jpoyferre.com

azabunoreraku.tokyo

pelvicfloorexercises.website

cai6.love

chesterguiam.com

sushmapaxton.com

paperbound.store

muzidalipha.com

irenechan.net

Targets

- Target
  
  Mluvzqoqwxnvmb.exe
- Size
  
  709KB
- MD5
  
  ca8650a170da8f4dd140aa4192d9da94
- SHA1
  
  41245e2b222b1022006a85046c2d1c6e974c4edb
- SHA256
  
  8f9dbb0313ac2bc7eee44b775e99053e0023472db4c3994c28561830d39bf5ec
- SHA512
  
  f22d5c26e9e5ac0ac96f052afae88f009ed5fb87d7fe7b2550d251b6a83f0b9a67400b745941876cf8c24c324b6be08ec1fa8b8c63d2689a53450ba826b49b34
- SSDEEP
  
  12288:/Au825XkTH8gfIwZKoT/U3RnuKsLJrX7MZowGm4:oFCkTowZKfhnuxVD7MZoa
Score

10^/10

modiloader trojan formbook p6rd persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

ModiLoader Second Stage

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2