Overview

overview

10

Static

static

1

8f9dbb0313...ec.exe

windows7-x64

10

8f9dbb0313...ec.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8f9dbb0313ac2bc7eee44b775e99053e0023472db4c3994c28561830d39bf5ec

  • Size

    709KB

  • Sample

    230321-n83alscb6s

  • MD5

    ca8650a170da8f4dd140aa4192d9da94

  • SHA1

    41245e2b222b1022006a85046c2d1c6e974c4edb

  • SHA256

    8f9dbb0313ac2bc7eee44b775e99053e0023472db4c3994c28561830d39bf5ec

  • SHA512

    f22d5c26e9e5ac0ac96f052afae88f009ed5fb87d7fe7b2550d251b6a83f0b9a67400b745941876cf8c24c324b6be08ec1fa8b8c63d2689a53450ba826b49b34

  • SSDEEP

    12288:/Au825XkTH8gfIwZKoT/U3RnuKsLJrX7MZowGm4:oFCkTowZKfhnuxVD7MZoa

Score
10/10
formbookmodiloaderp6rdpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p6rd

Decoy

tractionjet.com

safaritraffic.website

tasmok.com

xmjeans.com

buybestdildos.com

erwewewcsds.com

streetfonia.com

forgrat.xyz

lonsop.com

canyonvilletigers.com

italiangpt.com

jpoyferre.com

azabunoreraku.tokyo

pelvicfloorexercises.website

cai6.love

chesterguiam.com

sushmapaxton.com

paperbound.store

muzidalipha.com

irenechan.net

Targets

    • Target

      8f9dbb0313ac2bc7eee44b775e99053e0023472db4c3994c28561830d39bf5ec

    • Size

      709KB

    • MD5

      ca8650a170da8f4dd140aa4192d9da94

    • SHA1

      41245e2b222b1022006a85046c2d1c6e974c4edb

    • SHA256

      8f9dbb0313ac2bc7eee44b775e99053e0023472db4c3994c28561830d39bf5ec

    • SHA512

      f22d5c26e9e5ac0ac96f052afae88f009ed5fb87d7fe7b2550d251b6a83f0b9a67400b745941876cf8c24c324b6be08ec1fa8b8c63d2689a53450ba826b49b34

    • SSDEEP

      12288:/Au825XkTH8gfIwZKoT/U3RnuKsLJrX7MZowGm4:oFCkTowZKfhnuxVD7MZoa

    Score
    10/10
    modiloadertrojanformbookp6rdpersistenceratspywarestealer

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Formbook payload

      rat

    • ModiLoader Second Stage

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks