formbook

General

Target

PURCHASE001.exe.bin
Size

876KB
Sample

230501-ywqq6aab3s
MD5

73fb99c411ecc3783a6f8ca99c4b38d3
SHA1

0fac050f30927c0bdb6a59b629a28e9d9277b741
SHA256

be67380a29f7a6441a097d6921cf5c7348bc0ed6d20844b7ec662c24d96c82a5
SHA512

115b8e5b9327b5040aa128cb27df87a21d39e283514ee27b6385566c97f3741b4fb2bf31a8ae9ac013a5faca3613654b6d8fcbf7e67ddaa8a1c36b722c258b67
SSDEEP

12288:NtN+qFRD49GYo3EU9Aj4aNJqzSiMpV+j5fnur1/AUiXZSGjrJ3xigV:NLX89GZ9NaLlpo5S7oZ//J3L

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h3sc

Decoy

seemessage.com

bitlab.website

cheesestuff.ru

bhartiyafitness.com

bardapps.com

l7a4.com

chiara-samatanga.com

lesrollintioup.com

dropwc.com

mackey242.com

rackksfresheggs.com

thinkvlog.com

aidmedicalassist.com

firehousepickleball.net

sifreyonetici.com

teka-mart.com

ddttzone.xyz

macfeeupdate.com

ivocastillo.com

serjayparks.com

Targets

- Target
  
  PURCHASE001.exe.bin
- Size
  
  876KB
- MD5
  
  73fb99c411ecc3783a6f8ca99c4b38d3
- SHA1
  
  0fac050f30927c0bdb6a59b629a28e9d9277b741
- SHA256
  
  be67380a29f7a6441a097d6921cf5c7348bc0ed6d20844b7ec662c24d96c82a5
- SHA512
  
  115b8e5b9327b5040aa128cb27df87a21d39e283514ee27b6385566c97f3741b4fb2bf31a8ae9ac013a5faca3613654b6d8fcbf7e67ddaa8a1c36b722c258b67
- SSDEEP
  
  12288:NtN+qFRD49GYo3EU9Aj4aNJqzSiMpV+j5fnur1/AUiXZSGjrJ3xigV:NLX89GZ9NaLlpo5S7oZ//J3L
Score

10^/10

formbook modiloader h3sc persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

ModiLoader Second Stage

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2