General

  • Target

    Nova lista narudzbi.exe

  • Size

    821KB

  • Sample

    230403-gm2cvsee31

  • MD5

    616766559af63faba9405d0b12a74746

  • SHA1

    14b8871ba7809703ff7ef0db025e27b7256a3600

  • SHA256

    4498da76509e6b2062980a910edcef9f620775c7b7aeecde984f157c00dae4f8

  • SHA512

    947be118e75b478f26b5c30e9b2c271019edaf1e8de7b82dade86abbce7fc4e6be7f6dcee2187beff72cf9ca35e579e7c999ed2965dceb217353faf1c6055dd6

  • SSDEEP

    12288:1xkn6YuwDEgW0+K4tvzxn58XdUpGHnSieAi+ZQ643VaxBP:nM6yG0+hhzxnidiGHSi3luS

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

slot999.site

hagsahoy.com

howdyart.com

orders-marketplace.com

ranaa.email

masterlink.guru

archershut.com

weikumcommunications.com

dphardmoney.com

shjyutie.com

vivaberlin.net

mycto.today

curvygirlugc.com

otnmp.cfd

alwrists.com

propercandlecompany.com

allindustry-bg.com

theyoungbizacademy.com

expand658170.com

leslainesdumouchon.com

Targets

    • Target

      Nova lista narudzbi.exe


    • Formbook

      Formbook is a data-stealing malware family (infostealer).

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi-based loader that abuses cloud services to download other malicious families.

    • Formbook payload

    • ModiLoader Second Stage

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1

Tasks