formbook

General

Target

U prilogu je nova lista narudzbi.exe
Size

1.0MB
Sample

230405-xal1eaah4w
MD5

3df77cd9b148f741aabafae673c30c15
SHA1

40799ad5fbf94780eccd795ef07e77303b6638d9
SHA256

0080c65d479bdb2212ce757c8c874b8d10e2c341a557b40e5e4a1e97b889f1dd
SHA512

f453160682183f45e909b1e489e1c20ad3197d4327e57cb151f36765c70dea2b084c5ab2787cb6263f1aebaaabfff91ebbea54042d54227781468027e0410d91
SSDEEP

24576:v6R9yfVUXwTEfF59XADz3OjaZQQJ0nhUGfAp7LM:v6mO0MF59XADzejakuGfA1M

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

slot999.site

hagsahoy.com

howdyart.com

orders-marketplace.com

ranaa.email

masterlink.guru

archershut.com

weikumcommunications.com

dphardmoney.com

shjyutie.com

vivaberlin.net

mycto.today

curvygirlugc.com

otnmp.cfd

alwrists.com

propercandlecompany.com

allindustry-bg.com

theyoungbizacademy.com

expand658170.com

leslainesdumouchon.com

Targets

- Target
  
  U prilogu je nova lista narudzbi.exe
- Size
  
  1.0MB
- MD5
  
  3df77cd9b148f741aabafae673c30c15
- SHA1
  
  40799ad5fbf94780eccd795ef07e77303b6638d9
- SHA256
  
  0080c65d479bdb2212ce757c8c874b8d10e2c341a557b40e5e4a1e97b889f1dd
- SHA512
  
  f453160682183f45e909b1e489e1c20ad3197d4327e57cb151f36765c70dea2b084c5ab2787cb6263f1aebaaabfff91ebbea54042d54227781468027e0410d91
- SSDEEP
  
  24576:v6R9yfVUXwTEfF59XADz3OjaZQQJ0nhUGfAp7LM:v6mO0MF59XADzejakuGfA1M
Score

10^/10

formbook modiloader 3nop persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

ModiLoader Second Stage

Reads user/profile data of web browsers

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2